What would/should be the expected response if a natural disaster/act of God
happened and the security of the key material could not be assured by an
independent third party?

For example, an earthquake, typhoon, or military coup disrupting travel to
location(s) with the key material?

Similarly, what would/should happen if a primary location was compromised,
but that compromise not detected due to a fire in the primary location
disrupting access to the security logs, leading to misissued certificates
being trusted and the CA being unaware of their (mis)issuance?

Are there any suggestions for how these two hypotheticals would/should be
distinguished? Wait until it’s detected? Certificate Transparency is not
sufficient in itself, due to the lifetime of certificates and the ability
to backdate certificates so that they appear issued prior to the effective
date of such CT requirements, so CT is not yet a proper mitigation.
_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy
