Re: AW: self-signed TSA [Was Re: Private Key Cloning]

[Stephen Kent <kent@xxxxxxx>]

Folks,

I support Denis's original restriction on the uses of a TSA private 
key.  It is desirable to constrain the use of a private key to avoid 
possible errors in its use.  It seems that we have gone down a thread 
that focuses on certificates for a TSA, more than on the original key 
usage restriction.

I've always asserted that self-signed certs are just a syntactic 
convenience, not a generally useful way of ensuring security for 
transmitted public keys.  If we agree on that point, then I don't see 
a lot of reason to push for self-signed TSA certs.  A TSA is not a 
CA.  Even if the same organization happens to operate both a CA 
function and a TSA function, it seems appropriate to separate these 
functions. That's part of why we have the proposed constraint for 
using the TSA private key only for signing TSA responses. It was 
suggested that this is not consistent with the use of POP.  True, but 
only in so far as the POP in question is the one defined in our 
automated registration protocols.  Thus is not the only game in town, 
and for a TSA it is reasonable to anticipate other mechanisms that 
provide POP, but not via those protocols.  So, I don't think that the 
POP argument is a good basis for rejecting the key usage restriction.

The "less to trust" argument that Michael makes does have some merit, 
but as Aram points out, a self-signed cert required some 
integrity/authenticity secure, OOB means for its delivery, which is 
why we try to minimize the use of such certs.  It seems hard enough 
to do this for CAs, without adding TSAs to the list. Let's assume 
that TSAs are certified like other entities, by CAs, and work from 
there.

Steve