I'm sympathetic to perhaps adding a sentence or two, but otherwise I'm struggling to understand the risk as well. If an entity is incapable of managing and protecting a replacement root key, perhaps they shouldn't be in the CA business. And since, at worst, they lose the ability to replace the root key, they aren't in a worse situation than they were if this capability didn't exist. -Tim > -----Original Message----- > From: Spasm <spasm-bounces@xxxxxxxx> On Behalf Of Salz, Rich > Sent: Wednesday, January 2, 2019 3:32 PM > To: Paul Hoffman <paul.hoffman@xxxxxxxx>; Russ Housley > <housley@xxxxxxxxxxxx> > Cc: spasm@xxxxxxxx; draft-ietf-lamps-hash-of-root-key-cert-extn@xxxxxxxx; IETF > <ietf@xxxxxxxx> > Subject: Re: [lamps] Last Call: <draft-ietf-lamps-hash-of-root-key-cert-extn- > 02.txt> (Hash Of Root Key Certificate Extension) to Informational RFC > > I don't understand what the risk is. > > If a client sees and understands the extension, it can update its trust store to > have the new key. If a client does not see, or does not understand, the > extension, then the trust store will have to be updated out of band, just like it > is now. > > CA's that use this extension must take proper care to ensure that the private > key is not exposed. > > > _______________________________________________ > Spasm mailing list > Spasm@xxxxxxxx > https://www.ietf.org/mailman/listinfo/spasm
<<attachment: smime.p7s>>
