My understanding is that neither the BRs nor any Root Program require that the subordinate CA key be weaker or equal in strength to the issuing CA's key.
Additionally, such a requirement would prohibit cross-signs where a "legacy" root with a smaller key size would certify a new root CA with a stronger key. For that reason, this illustrative control seems problematic.

Thanks,
Corey

-----Original Message-----
From: dev-security-policy <dev-security-policy-boun...@lists.mozilla.org> On Behalf Of pfuen...--- via dev-security-policy
Sent: Wednesday, March 10, 2021 4:17 AM
To: Mozilla <mozilla-dev-security-pol...@lists.mozilla.org>
Subject: Clarification request: ECC subCAs under RSA Root

Hello all,

I'd have an open question about the possibility (from a compliance standpoint) of having an ECC 256 subordinate under an RSA 2048 Root.

If I look at the WebTrust criteria, I can see this:

****
4.1.3 CA key generation generates keys that:
a) use a key generation algorithm as disclosed within the CA’s CP and/or CPS;
b) have a key length that is appropriate for the algorithm and for the validity period of the CA certificate as disclosed in the CA’s CP and/or CPS. The public key length to be certified by a CA is less than or equal to that of the CA’s private signing key; and
c) take into account requirements on parent and subordinate CA key sizes and have a key size in accordance with the CA’s CP and/or CPS.
****

My reading of this criterion is that it's not possible to have a subordinate with a stronger key than the issuer, but this is unclear when mixing algorithms. In theory, an ECC 256 subordinate has a stronger crypto than an RSA 2048 Root, so if I read the above criteria in terms of crypto strength, I get the impression that this is not allowed. But I don't know if this is an appropriate interpretation of the rules.

Can anyone help me to see the light?

Thanks!
Pedro
_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy