This issue is titled “Make sure Forbidden practices are forbidden” - in other words, make sure they are banned in our policy. The only forbidden practice on our list [1] that’s not already covered by our policy is “Distributing Generated Private Keys in PKCS#12 Files”. It reads:
CAs must never generate the key pairs for signer or SSL certificates. CAs > may only generate the key pairs for SMIME certificates. Distribution or > transfer of certificates in PKCS#12 form through unsecure electronic > channels is not allowed. If a PKCS#12 file is distributed via a physical > data storage device, then: > The storage must be packaged in a way that the opening of the package > causes irrecoverable physical damage. (e.g. a security seal) > The PKCS#12 file must have a sufficiently secure password, and the > password must not be transferred together with the storage. > This practice was recently questioned [2] and generated lots of discussion [3], with the conclusion being that our prohibition on this practice should remain at least until a comprehensive plan for CA key generation is presented and reviewed. Given that background, please do not use this discussion thread to reopen the debate on changing our policy on CA key generation. The scope here is limited to the specifics of the existing requirements (e.g. the exception for email encryption certificates), and moving them into policy. I propose adding the following paragraphs to section 5.3 “Forbidden and Required Practices”: CAs MUST not generate the key pairs for end-entity certificates, except for > email encryption certificates meeting the following criteria: > 1. The Extended Key Usage extension is present and set to > id-kp-emailProtection; and, > 2. The Key Usage extension is present and does not include either > digitalSignature or nonRepudiation. > > CAs MUST not distribute or transfer certificates in PKCS#12 form through > insecure electronic channels. If a PKCS#12 file is distributed via a > physical data storage device, then: > * The storage must be packaged in a way that the opening of the package > causes irrecoverable physical damage. (e.g. a security seal) > * The PKCS#12 file must have a sufficiently secure password, and the > password must not be transferred together with the storage. > I would appreciate everyone's input on this topic. This is: https://github.com/mozilla/pkipolicy/issues/107 [1] https://wiki.mozilla.org/CA/Forbidden_or_Problematic_Practices [2] https://groups.google.com/d/msg/mozilla.dev.security.policy/UnPOf5WIpXM/SbmSD5eCAgAJ [3] https://groups.google.com/d/msg/mozilla.dev.security.policy/MRd8gDwGGA4/AC4xgZ9CBgAJ ------- This is a proposed update to Mozilla's root store policy for version 2.6. Please keep discussion in this group rather than on GitHub. Silence is consent. Policy 2.5 (current version): https://github.com/mozilla/pkipolicy/blob/2.5/rootstore/policy.md _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
