On Tuesday, December 12, 2017 at 11:31:18 AM UTC-8, Tim Hollebeek wrote:
> > A policy allowing CAs to generate key pairs should also include provisions
> > for:
> > - The CA must generate the key in accordance with technical best practices
> > - While in possession of the private key, the CA must store it securely
>
> Don't forget appropriate protection for the key while it is in transit. I'll
> look a bit closer at the use cases and see if I can come up with some
> reasonable suggestions.
>
> -Tim

Unfortunately, the PKCS#12 format, as supported by UAs and operating systems, is not a great candidate for the role of carrying keys anymore. You can see my blog post on this topic here: http://unmitigatedrisk.com/?p=543

The core issue is the use of old cryptographic primitives that barely live up to the equivalent cryptographic strengths of keys in use today. The offline nature of the protection involved also enables an attacker to grind any value used as the password as well.

Any plan to allow a CA to generate keys on behalf of users, which I am not against as long as there are strict and auditable practices associated with it, needs to take into consideration the protection of those keys in transit and storage.

I also believe any language that would be adopted here would clearly address cases where an organization that happens to operate a CA is also a relying party. For example, Amazon, Google and Apple all operate WebTrust audited CAs, but they also operate cloud services where they are the subscriber of that CA. Any language used would need to make clear the relative scopes and responsibilities in such a case.

