On Thu, Apr 12, 2018 at 1:51 PM, Ilari Liusvaara <ilariliusvaara@welho.com> wrote: > > Web packaging is not similar to Secondary Certificates. It is however > similar to Delegated Credentials. > Sure it is. A compromise of a secondary certificate key, or of a web packaging key, reduces the cost of attack to "Can I induce a client to talk to the attacker" - which, in a Web context, is sort of a key design feature of the Web. If you can, then the holder of a compromised Secondary Certificate, or a compromised Signed Exchanges key, can induce a client to accept as "from the origin" their content, in an otherwise undetectable manner. Also, saying that keys for for WP/DC SHALL be protected in some > specified way would have really nasty interactions with current > CABForum BRs, making it effectively impossible to get such > certificates. So any enhanced protection is at most RECOMMENDED. > I'm not sure why you say they would have 'really nasty interactions'. Parties that want code signing certificates from CAs trusted by Microsoft, for example, can only do so for keys on hardware security modules. Which effectively means the CA sending out an USB token or smart card, and provisioning the key themselves. I agree that, in terms of the status quo, this is an increase over the requirements to obtain a web server certificate. But it's something we at least need to consider as "an option", when considering the interactions between the security assumptions being made by clients and by servers in terms of both assurances, detection, and scope of compromise attained.
Received on Thursday, 12 April 2018 18:09:31 UTC