[Smcwg-public] Royal-Holloway key escrow scheme

Stephen Davidson Stephen.Davidson at digicert.com
Tue Nov 2 21:28:09 UTC 2021

In our drafting of the S/MIME BR, we included provision for the ECDH keyUsages (encipherOnly, decipherOnly) used in the Royal-Holloway key escrow scheme - primarily because it is mentioned in the gmail policy at https://support.google.com/a/answer/7300887?hl=en&ref_topic=9061730#zippy=%2Cend-entity-certificate

However, I cannot find evidence that any CA uses the scheme, which in any case is not documented in an RFC and whose requirements may not be fully specified.

The purpose of this email is two-fold:

1. Are there any CAs that use the Royal-Holloway key escrow scheme in trusted certificates?
2. Would the Google representatives enquire if there is a reason for its inclusion in the gmail policy?

Unless those questions raise some new information, we will remove this provision from the draft.

Many thanks, Stephen
