
Re: AW: self-signed TSA [Was Re: Private Key Cloning]



Michael wrote:
>
> If we forget for a moment about what the draft says (please): what is
> wrong with using a TSA key for signing 'something that is not a time-stamp'?
> I do not see anything criminal about that. Especially if the case is
> well-defined and justified.
>
The draft obviously said it for a reason but to answer "what is wrong
with using a TSA key for signing 'something that is not a time-stamp'?"

1.    It's good security policy to restrict usage of particularly sensitive
keys.

The ultimate restriction is one exclusive use which is the state of the
draft now.
You should show a very good reason to weaken that or show that the new
usage has negligible impact. If you do this then an attack on certificate
signing keys will be useful as an attack on time-stamp signing keys since
time-stamp signing keys can also sign certificates.

2.    It couples the primary TSA service (making timestamps) with a CA
service (making certificates).

I'm not sure that the intention is for TSAs to always be CAs or vice versa.
If CAs and TSAs will be operated, managed and owned separately then it
is good that their services are not too coupled or intertwined.

Also, if TSAs will be subject to formal evaluation "torture" then the less
services and complications they include the less the torture will be. Both
uses of the private key, time-stamp signing and certificate signing, will
need to be evaluated.


Regards,

Simon.
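The "one exclusive use" restriction argued for in point 1 is something a relying party can actually check on a TSA certificate. The following is an added example, not code from the thread or from any draft: a stdlib-only DER decoder for the ExtendedKeyUsage extension value, and a policy check that accepts the key only if the extension is critical and names id-kp-timeStamping (1.3.6.1.5.5.7.3.8) and nothing else, which is the rule the published time-stamp protocol (RFC 3161, section 2.3) settled on. The sample extension bytes are constructed here, not taken from any real certificate.

```python
"""Check that a TSA certificate's ExtendedKeyUsage restricts the key to
time-stamping only. Hypothetical helper; the two sample values below are
hand-encoded DER for this example, not extracted from a real certificate."""

ID_KP_TIMESTAMPING = "1.3.6.1.5.5.7.3.8"
ID_KP_SERVERAUTH = "1.3.6.1.5.5.7.3.1"  # only used to build the counter-example


def _read_tlv(buf, pos):
    """Return (tag, value, next_pos) for one DER TLV with a definite length."""
    tag = buf[pos]
    length = buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length octets
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length


def _decode_oid(value):
    """Decode the content octets of an OBJECT IDENTIFIER into dotted form."""
    arcs = [value[0] // 40, value[0] % 40]
    acc = 0
    for b in value[1:]:
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:  # last base-128 octet of this arc
            arcs.append(acc)
            acc = 0
    return ".".join(map(str, arcs))


def decode_eku(ext_value):
    """Parse ExtKeyUsageSyntax ::= SEQUENCE SIZE (1..MAX) OF KeyPurposeId."""
    tag, body, _ = _read_tlv(ext_value, 0)
    if tag != 0x30:
        raise ValueError("ExtKeyUsage must be a SEQUENCE")
    purposes, pos = [], 0
    while pos < len(body):
        tag, oid, pos = _read_tlv(body, pos)
        if tag != 0x06:
            raise ValueError("KeyPurposeId must be an OBJECT IDENTIFIER")
        purposes.append(_decode_oid(oid))
    return purposes


def tsa_key_is_exclusive(ext_value, critical):
    """True only if the EKU is critical and names time-stamping and nothing else."""
    return bool(critical) and decode_eku(ext_value) == [ID_KP_TIMESTAMPING]


# Constructed sample extension values: timeStamping alone, and timeStamping
# plus serverAuth (the kind of "second use" the message argues against).
EKU_TS_ONLY = bytes.fromhex("300a06082b06010505070308")
EKU_TS_AND_SERVERAUTH = bytes.fromhex("301406082b0601050507030806082b06010505070301")
```

A certificate whose EKU is non-critical, or that lists a second purpose, fails the check even though time-stamping is present, which is exactly the coupling the reply objects to.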