[cabfpub] On the use of misuse - and the necessity to remove it

Geoff Keating geoffk at apple.com
Thu Jun 7 07:24:28 MST 2018



> On Jun 7, 2018, at 1:40 PM, Ryan Sleevi via Public <public at cabforum.org> wrote:
> 
> In the pursuit of a definition, we tried to work backwards - what are situations we think are misuse.

The dictionary definition of ‘misuse’ is:

use (something) in the wrong way or for the wrong purpose

> Another suggestion was that it involved scenarios where the Subscriber private key was in an HSM, and itself was not compromised, but had signed things it was not expected to. This wasn't elaborated on further - so I'm uncertain if this meant things other than the TLS handshake transcript - but this is already met by our definition of Key Compromise in 1.6.1, that is:
> ""A Private Key is said to be compromised if its value has been disclosed to an
>    unauthorized person, an unauthorized person has had access to it, or there exists a
>    practical technique by which an unauthorized person may discover its value. “""

If a key is in a HSM and not exportable, then its value is not disclosed, nor does an unauthorized person have access *to the key*.  Dictionary definition of ‘access’ is 'obtain, examine, or retrieve’ none of which apply here.  So it is not covered by Key Compromise.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3321 bytes
Desc: not available
URL: <http://cabforum.org/pipermail/public/attachments/20180607/c0c4fa20/attachment-0001.p7s>


More information about the Public mailing list