Jakob Bohm via dev-security-policy <[email protected]> writes:

>On 11/01/2019 13:04, Peter Gutmann wrote:
>> Jason via dev-security-policy <[email protected]> writes:
>> 
>>> I would say that the problem here would be that a child certificate can't use
>>> a higher cryptography level than the issuer
>> 
>>Why not?  If the issuer uses strong-enough crypto, what difference does it
>>make what the child uses?
>
>Really?  If the CA key is weaker than the child key, an attacker can break
>the CA key and sign a fake certificate with less effort than breaking the
>child key directly

You've apparently missed the fact that I said "strong-enough crypto".  The
attacker can't break either the issuer key or the child key, no matter how
much stronger the child key may be than the issuer.

Peter.
_______________________________________________
dev-security-policy mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-security-policy