On 14/11/16 15:31, Peter Bowen wrote: > 1) Auditors are not required to witness key generation ceremonies for > non-Root CA keys when the new CA is operated by the same entity as the > parent CA. > 2) There is no requirement that the binding between CA distinguished name > and key pair occur during the key generation ceremony > 3) There is no requirement that each CA have a unique key pair. > > Combine all three of these and there are multiple paths to easy TCSC > creation.
OK, makes sense, thank you. Does anyone think that any of these 3 lack-of-requirements presents a risk? I can't see one immediately but it's worth asking the question. Gerv _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
