Dear Ryan

We need to refer to the points you have raised regarding the ROOT KEY – we must 
stress that the ROOT KEY and the ROOT CA are two different and separate 
Whilst the ROOT CA does have some history the ROOT KEY was never (and shouldn’t 
be) in question.

“I hope you can understand that trust is not just based on the state of the 
world 'today', but based on everything that key has ever done and every bit of 
infrastructure that key has run on.”
>>>> You are now moving to discuss the root key. We have started a year ago 
>>>> speaking of the CPS, than on the certificate, and now the ROOT KEY itself.
Allow me to declare that the ROOT KEY is intact. It is kept on an FIPS140-2 
Level 3 HSM from its creation and always in an offline state as should be.
You cannot put the key itself in any question.

“We know that key has been run on deficient infrastructure, with deficient 
software, and done deficient things.”
>>> deficient infrastructure? The HSM is the ONLY infrastructure of the ROOT 
>>> KEY. The CA has nothing to do with the key itself. The KEY was NOT running 
>>> on deficient infrastructure and\or software!

“The continued public examination has continued to find and discover new issues 
since 2016. 
While remedying these issues is a crucial minimum step towards trust, it only 
gets you to a point where the current infrastructure might be suitable to be 
trusted going forward. 
Ensuring the creation of a new root, with new keys, which has never certified 
any of the deficient infrastructure, is the only way the public 
has to ensure they are not introducing additional risk to their users. “
>>>We strongly disagree with that statement that a new KEY should be generated 
>>>– there’s never was any problem with the KEY therefore generating a new one 
>>>would not affect the integrity of the root as a whole.
We think the discussion should remain on the ROOT CA which had its problems as 
discussed, and leave the KEY out of the discussion.
However, in order to come clean and regain your trust we would agree to start a 
brand new root with a new key pair running on the new CA software (and BR 
compliant of course) but before we do so, we would like to know for certain 
that this process will be satisfactory and accepted by you.
dev-security-policy mailing list

Reply via email to