On 15/10/13 16:00, Oliver Loch wrote:
> Based on the sentences people are facing - if they start talking to
> the public - it's really possible that the handful of people that
> know that their company handed out the root cert's private key are
> keeping their mouth shut.
It's not like the root cert private key is a random file on disk that can be copied onto a USB stick. They are kept in Hardware Security Modules (HSMs) whose role is to allow certs to be signed but not to let the private key leak out.

https://en.wikipedia.org/wiki/Hardware_Security_Module

Not to say that there's never a way around this, but it's not as simple as you make it sound.

Gerv

_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy