[Smcwg-public] Royal-Holloway key escrow scheme

Stephen Davidson Stephen.Davidson at digicert.com
Tue Nov 2 21:28:09 UTC 2021


In our drafting of the S/MIME BR, we included provision for the ECDH keyUsages (encipherOnly, decipherOnly) used in the Royal-Holloway key escrow scheme - primarily because it is mentioned in the Gmail policy at https://support.google.com/a/answer/7300887?hl=en&ref_topic=9061730#zippy=%2Cend-entity-certificate



However, I cannot find evidence that any CA uses the scheme, which in any case is not documented in an RFC and whose requirements may not be fully specified.



The purpose of this email is two-fold:

1. Are there any CAs that use the Royal-Holloway key escrow scheme in trusted certificates?
2. Would the Google representatives enquire if there is a reason for its inclusion in the Gmail policy?



Unless those questions raise some new information, we will remove this provision from the draft.



Many thanks, Stephen
