Nick,I think I have addressed this in my reply to Rob Stradling a few minutes ago.
In short: no, the "temporary unconstrained subCA" does never exist as a signed document, only the final (constrained) subCA is signed.
Adriano Il 02/10/2017 20:57, Nick Lamb via dev-security-policy ha scritto:
The "post-processing" element is confusing, and could do with a bit more explanation unless perhaps I'm the fool here and everybody else (m.d.s.policy regulars) understands how this works Since the name constraints are part of the signed document, altering them after it's signed would invalidate the signature. So surely that can't be what happens. On the other hand, if the thing being "post-processed" is a tbsCertificate rather than a signed certificate surely that can be created using whatever processes are convenient entirely outside the protected physical environment and prior to the ceremony commencing? At most it may be appropriate for the serial number to be chosen during the protected process, to assure auditors that this was random rather than chosen by a third party. I guess the thing I'm seeking clarity on is whether a "temporary unconstrained subCA" actually exists as a signed document, even momentarily within the protected physical environment, and if so, how that could possibly be necessary. Regardless of whether that's the case, the proposed remedial actions are appropriate, but if there are sketchy "temporary" unconstrained subCAs being created (and hopefully destroyed) then it seems important to emphasise to other CAs that this is not an acceptable practice. _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
smime.p7s
Description: Firma crittografica S/MIME
_______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy