On Mon, Dec 11, 2017 at 9:43 AM, Tim Hollebeek via dev-security-policy <dev-security-policy@lists.mozilla.org> wrote:

> > I don't know but it's worth talking about. I think the discussion should
> > be "when should this be allowed, and how can it be done securely?"

The outcome to be avoided is a CA that holds in escrow thousands of private keys used for TLS. I don't think that a policy permitting a CA to generate the key pair is bad as long as the CA doesn't hold on to the key (unless the certificate was issued to the CA or the CA is hosting the site). What if the policy were to allow CA key generation but require the CA to deliver the private key to the Subscriber and destroy the CA's copy prior to issuing a certificate? Would that make key generation easier?

Tim, some examples describing how this might be used would be helpful here.

A policy allowing CAs to generate key pairs should also include provisions for:

- The CA must generate the key in accordance with technical best practices
- While in possession of the private key, the CA must store it securely

Wayne

_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy