On Mon, Nov 14, 2016 at 8:51 AM, Jakob Bohm <[email protected]> wrote:
> On 14/11/2016 16:31, Peter Bowen wrote:
>>
>> On Mon, Nov 14, 2016 at 7:14 AM, Gervase Markham <[email protected]> wrote:
>>>
>>> On 14/11/16 14:00, Peter Bowen wrote:
>>>>
>>>> It is very easy to mint TCSCs at scale without violating the letter or
>>>> the spirit of the BRs and other requirements.
>>>
>>>
>>> I guess I didn't mean to imply that it was hard or easy, only that it
>>> hasn't been done so far. But I did wonder about auditors witnessing key
>>> ceremonies - would that be a necessary component? Does that make things
>>> more complicated?
>>
>>
>> 1) Auditors are not required to witness key generation ceremonies for
>> non-Root CA keys when the new CA is operated by the same entity as the
>> parent CA.
>> 2) There is no requirement that the binding between CA distinguished name
>> and key pair occur during the key generation ceremony
>> 3) There is no requirement that each CA have a unique key pair.
>>
>> Combine all three of these and there are multiple paths to easy TCSC
>> creation.
>>
>
> #3 would be in apparent violation of the BR applicability document you
> proposed in another thread.  An alternative would be to pre-create
> resellable TCSC key pairs in advance during auditor visits, then throw
> away unsold ones at the next such ceremony.

#3 doesn't violate the doc I proposed.  The callout is that a non-Root
CA may not share a key pair with a Root CA and that a single CA may
not have multiple key pairs (e.g. don't attempt key rotation without
changing the name).  It is completely permissible to have multiple CAs
with the same key pair as long as all have the same operator.

I think you are pointing out the need for a diagram.

Thanks,
Peter
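The rules Peter spells out above (a non-Root CA may not share a key pair with a Root CA, a single CA name may not have multiple key pairs, and several CAs may share one key pair only when they have the same operator) are mechanically checkable from a certificate inventory. The following is an added example, not code from this thread or from any CA or auditor. It assumes a constructed inventory of CA records, identifies a key pair by a SHA-256 hash of the SubjectPublicKeyInfo (so the check is independent of the CA's distinguished name), and uses made-up rule codes and sample subjects; the SPKI byte strings are stand-ins, where real code would take the DER SubjectPublicKeyInfo parsed from each certificate.

```python
import hashlib
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class CaCert:
    """One CA certificate as recorded in an audit inventory (hypothetical format)."""
    subject: str      # CA distinguished name, as in the certificate Subject
    operator: str     # organisation that operates the private key
    is_root: bool     # True for a Root CA certificate
    spki_der: bytes   # DER SubjectPublicKeyInfo; stand-in bytes in the samples below


def key_id(cert: CaCert) -> str:
    """Identify the key pair by its public key, not by the CA name."""
    return hashlib.sha256(cert.spki_der).hexdigest()


def check_key_sharing(certs):
    """Return (rule, detail...) tuples for each violation of the three rules."""
    findings = []
    by_key = defaultdict(list)      # key id -> certificates carrying that key
    by_subject = defaultdict(set)   # CA name -> distinct key ids seen under it
    for c in certs:
        by_key[key_id(c)].append(c)
        by_subject[c.subject].add(key_id(c))

    for kid, group in by_key.items():
        names = sorted(c.subject for c in group)
        # Rule 1: a non-Root CA must not share a key pair with a Root CA.
        if any(c.is_root for c in group) and any(not c.is_root for c in group):
            findings.append(("ROOT_KEY_SHARED", kid[:16], names))
        # Rule 3: sharing a key pair is only permissible under one operator.
        if len({c.operator for c in group}) > 1:
            findings.append(("CROSS_OPERATOR_KEY", kid[:16], names))

    # Rule 2: one CA name must not be bound to more than one key pair
    # (key rotation needs a new name).
    for subject, kids in sorted(by_subject.items()):
        if len(kids) > 1:
            findings.append(("NAME_WITH_MULTIPLE_KEYS", subject, sorted(k[:16] for k in kids)))
    return findings


# Constructed sample inventory; KEY_* are placeholders for real SPKI bytes.
KEY_A, KEY_B, KEY_C = b"spki-A", b"spki-B", b"spki-C"
SAMPLE_INVENTORY = [
    CaCert("CN=Example Root CA", "Example Inc", True, KEY_A),
    CaCert("CN=Example TCSC 1", "Example Inc", False, KEY_B),
    CaCert("CN=Example TCSC 2", "Example Inc", False, KEY_B),    # shares B with TCSC 1, same operator: allowed
    CaCert("CN=Example TCSC 3", "Example Inc", False, KEY_A),    # reuses the Root key: rule 1
    CaCert("CN=Example TCSC 1", "Example Inc", False, KEY_C),    # same name, second key: rule 2
    CaCert("CN=Reseller TCSC", "Reseller Ltd", False, KEY_B),    # shares B under another operator: rule 3
]


def audit_sample():
    return check_key_sharing(SAMPLE_INVENTORY)


if __name__ == "__main__":
    for rule, *detail in audit_sample():
        print(rule, *detail)
```

On the sample inventory the first three records pass cleanly, which is the "multiple CAs, one key pair, one operator" case Peter describes as permissible; the remaining three each trip exactly one rule.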
_______________________________________________
dev-security-policy mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-security-policy
