Hi Tim, The more I think about it, the more I see this is actually a interesting question :-)
I suspect the first thing Mozilla allowing this would do would be to make it much more common. (Let's assume there are no other policy barriers.) I suspect there are several simpler workflows for certificate issuance and installation that this could enable, and CAs would be keen to make their customers lives easier and reduce support costs. On 09/12/17 18:20, Tim Hollebeek wrote: > First, third parties who are *not* CAs can run key generation and escrow > services, and then the third party service can apply for a certificate for > the key, and deliver the certificate and the key to a customer. That is true. Do you know how common this is in SSL/TLS? > I'm not > sure how this could be prevented. So if this actually did end up being a > Mozilla policy, the practical effect would be that SSL keys can be generated > by third parties and escrowed, *UNLESS* that party is trusted by Mozilla. Another way of putting it it: "unless that party were the party the customer is already dealing with and trusts". IoW, there's a much lower barrier for the customer in getting the CA to do it (trust and convenience) compared to someone else. So removing this ban would probably make it much more common, as noted above. If it's something we want to discourage even if we can't prevent it, the current ban makes sense. > Second, although I strongly believe that in general, as a best practice, > keys should be generated by the device/entity it belongs to whenever > possible, we've seen increasing evidence that key generation is difficult > and many devices cannot do it securely. I doubt that forcing the owner of > the device to generate a key on a commodity PC is any better (it's probably > worse). That's also a really interesting question. We've had dedicated device key generation failures, but we've also had commodity PC key generation failures (Debian weak keys, right?). Does that mean it's a wash? What do the risk profiles look like here? One CA uses a MegaRNG2000 to generate hundreds of thousands of certs.. and then a flaw is found in it. Oops. Better or worse than a hundred thousand people independently using a broken OpenSSL shipped by their Linux vendor? > With an increasing number of small devices running web servers, > keys generated by audited, trusted third parties under whatever rules > Mozilla chooses to enforce about secure key delivery may actually in many > circumstances be superior than what would happen if the practice is banned. Is there a way to limit the use of this to those circumstances? Gerv _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
