I agree with Corey that this is problematic, and wouldn't even call it a best practice/good practice.
I appreciate the goal in the abstract, which is to say, don't do more work than necessary (e.g. having an RSA-4096 signed by RSA-2048 is wasting cycles *if* there's no other reason for it), but as Corey points out, there are times when it's both necessary and good to have such chains.

On Wed, Mar 10, 2021 at 9:46 AM pfuen...--- via dev-security-policy <dev-security-policy@lists.mozilla.org> wrote:
> > My understanding is that neither the BRs nor any Root Program require
> > that the subordinate CA key be weaker or equal in strength to the issuing
> > CA's key.
> >
> > Additionally, such a requirement would prohibit cross-signs where a
> > "legacy" root with a smaller key size would certify a new root CA with a
> > stronger key. For that reason, this illustrative control seems problematic.
> >
>
> Thanks, Corey.
> I also see it as problematic, but I've been seeing other root programs (i.e.
> Spanish Government) enforcing this rule, so I'd like to understand if it's
> a "best practice" or a rule, and, in particular, if it's a rule to be
> respected for TLS-oriented hierarchies.
> P
> _______________________________________________
> dev-security-policy mailing list
> dev-security-policy@lists.mozilla.org
> https://lists.mozilla.org/listinfo/dev-security-policy
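As an added example (not part of the thread, and not any CA's or root program's tooling), the following Python uses the `cryptography` package to build a toy version of the cross-sign Corey describes: a legacy RSA-2048 root certifies a new RSA-4096 root, which in turn issues a P-256 leaf. The same leaf then has two valid paths, one ending at the new root directly and one through the cross-certificate to the legacy root. `audit_path` verifies every signature, flags links where the subject key is stronger than the key that signed it (the "wasted cycles" case from the message above), and reports the path floor, i.e. the weakest key on the path, which is what bounds the path's strength. The certificate names and the approximate security-level table are this example's own assumptions.

```python
"""Toy cross-signed hierarchy: legacy RSA-2048 root -> new RSA-4096 root -> P-256 leaf.
Added example; names and the security-level table are assumptions, not policy."""
import datetime

from cryptography import x509
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import ec, padding, rsa
from cryptography.x509.oid import NameOID

# Approximate symmetric-equivalent strength, NIST SP 800-57 Part 1 style.
# RSA-4096 is not tabulated by NIST; ~140 bits is a common estimate (assumption).
RSA_LEVELS = {2048: 112, 3072: 128, 4096: 140, 7680: 192, 15360: 256}


def security_level(pub):
    """Rough security level in bits for an RSA or EC public key."""
    if isinstance(pub, rsa.RSAPublicKey):
        fitting = [s for s in RSA_LEVELS if s <= pub.key_size]
        return RSA_LEVELS[max(fitting)] if fitting else 0  # below 2048: treat as 0
    if isinstance(pub, ec.EllipticCurvePublicKey):
        return min(pub.curve.key_size // 2, 256)  # P-256 -> 128, P-384 -> 192
    raise TypeError("unsupported key type")


def _name(cn):
    return x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, cn)])


def issue(subject_cn, subject_pub, issuer_cn, issuer_key, is_ca):
    """Sign a certificate for subject_pub with issuer_key (SHA-256)."""
    now = datetime.datetime.now(datetime.timezone.utc)
    builder = (
        x509.CertificateBuilder()
        .subject_name(_name(subject_cn))
        .issuer_name(_name(issuer_cn))
        .public_key(subject_pub)
        .serial_number(x509.random_serial_number())
        .not_valid_before(now - datetime.timedelta(minutes=5))
        .not_valid_after(now + datetime.timedelta(days=365))
        .add_extension(x509.BasicConstraints(ca=is_ca, path_length=None), critical=True)
    )
    return builder.sign(issuer_key, hashes.SHA256())


def signature_ok(cert, issuer_cert):
    """Verify cert's signature with issuer_cert's public key."""
    pub = issuer_cert.public_key()
    try:
        if isinstance(pub, rsa.RSAPublicKey):
            pub.verify(cert.signature, cert.tbs_certificate_bytes,
                       padding.PKCS1v15(), cert.signature_hash_algorithm)
        else:
            pub.verify(cert.signature, cert.tbs_certificate_bytes,
                       ec.ECDSA(cert.signature_hash_algorithm))
        return True
    except InvalidSignature:
        return False


def build_hierarchy():
    """Legacy RSA-2048 root; new RSA-4096 root both self-signed and cross-signed
    by the legacy root; P-256 leaf issued by the new root.  All constructed here."""
    legacy_key = rsa.generate_private_key(65537, 2048)
    new_key = rsa.generate_private_key(65537, 4096)
    leaf_key = ec.generate_private_key(ec.SECP256R1())

    legacy_root = issue("Legacy Root", legacy_key.public_key(), "Legacy Root", legacy_key, True)
    new_root = issue("New Root", new_key.public_key(), "New Root", new_key, True)
    cross = issue("New Root", new_key.public_key(), "Legacy Root", legacy_key, True)
    leaf = issue("leaf.example", leaf_key.public_key(), "New Root", new_key, False)
    return {"legacy_root": legacy_root, "new_root": new_root, "cross": cross, "leaf": leaf}


def audit_path(path):
    """path is [leaf, ..., root].  Returns (per-link records, path floor in bits).
    The floor is the weakest key on the path; it bounds the path as a whole."""
    records = []
    for i, cert in enumerate(path):
        issuer = path[i + 1] if i + 1 < len(path) else cert  # last element is self-signed
        level = security_level(cert.public_key())
        records.append({
            "subject": cert.subject.rfc4514_string(),
            "key_bits": cert.public_key().key_size,
            "level": level,
            "signature_ok": signature_ok(cert, issuer),
            # subject key outstrips the key that signed it: the "wasted cycles" case
            "stronger_than_issuer": level > security_level(issuer.public_key()),
        })
    return records, min(r["level"] for r in records)


if __name__ == "__main__":
    h = build_hierarchy()
    for label, path in (("direct", [h["leaf"], h["new_root"]]),
                        ("via cross-sign", [h["leaf"], h["cross"], h["legacy_root"]])):
        records, floor = audit_path(path)
        print(f"{label}: floor {floor} bits")
        for r in records:
            print("  ", r)
```

Both paths verify; the direct path floors at the leaf's 128 bits, while the cross-signed path floors at the legacy root's 112 bits. That is the trade-off behind Corey's point: the cross-sign does not make the new root weaker for clients that trust it directly, it only adds a path, bounded by the legacy key, for clients that still trust nothing else.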