On Thu, Apr 12, 2018 at 1:51 PM, Ilari Liusvaara <ilariliusvaara@welho.com>
wrote:
>
> Web packaging is not similar to Secondary Certificates. It is however
> similar to Delegated Credentials.
>
Sure it is. A compromise of a secondary certificate key, or of a web
packaging key, reduces the cost of attack to "Can I induce a client to talk
to the attacker" - which, in a Web context, is sort of a key design feature
of the Web. If you can, then the holder of a compromised Secondary
Certificate, or a compromised Signed Exchanges key, can induce a client to
accept as "from the origin" their content, in an otherwise undetectable
manner.
Also, saying that keys for for WP/DC SHALL be protected in some
> specified way would have really nasty interactions with current
> CABForum BRs, making it effectively impossible to get such
> certificates. So any enhanced protection is at most RECOMMENDED.
>
I'm not sure why you say they would have 'really nasty interactions'.
Parties that want code signing certificates from CAs trusted by Microsoft,
for example, can only do so for keys on hardware security modules. Which
effectively means the CA sending out an USB token or smart card, and
provisioning the key themselves.
I agree that, in terms of the status quo, this is an increase over the
requirements to obtain a web server certificate. But it's something we at
least need to consider as "an option", when considering the interactions
between the security assumptions being made by clients and by servers in
terms of both assurances, detection, and scope of compromise attained.