> On Jun 7, 2018, at 1:40 PM, Ryan Sleevi via Public <[email protected]> wrote:
>
> In the pursuit of a definition, we tried to work backwards - what are situations we think are misuse.

The dictionary definition of ‘misuse’ is: use (something) in the wrong way or for the wrong purpose.

> Another suggestion was that it involved scenarios where the Subscriber private key was in an HSM, and itself was not compromised, but had signed things it was not expected to. This wasn't elaborated on further - so I'm uncertain if this meant things other than the TLS handshake transcript - but this is already met by our definition of Key Compromise in 1.6.1, that is:
>
> "A Private Key is said to be compromised if its value has been disclosed to an unauthorized person, an unauthorized person has had access to it, or there exists a practical technique by which an unauthorized person may discover its value."

If a key is in an HSM and not exportable, then its value is not disclosed, nor does an unauthorized person have access *to the key*. Dictionary definition of ‘access’ is ‘obtain, examine, or retrieve’, none of which apply here. So it is not covered by Key Compromise.
_______________________________________________ Public mailing list [email protected] https://cabforum.org/mailman/listinfo/public
