On Fri, Dec 24, 2021 at 2:49 AM passerby184 <tjt...@gmail.com> wrote:
>
> Because "OCSP signing Certificate" appears only once in the entire BR, the only requirements for them are having id-kp-OCSPSigning and id-pkix-ocsp-nocheck. This doesn't fit anywhere in the current requirements: this isn't a CA certificate nor a subscriber certificate by itself, although the OCSP signing role can technically be added to either of them, as BR 7.1.2's extKeyUsage limit is 'SHOULD NOT' for this key usage. If we consider that this type of certificate isn't a CA, can they sit outside of an HSM and use full CPU power to sign OCSP, which may benefit high-volume CAs? This may not be as dangerous as it sounds if its lifetime is short enough, like a week or 3 days.
From my knowledge of Mozilla policy, the CA/Browser Forum (CA/BF)
documents, RFCs, and other trust store requirements, you are accurate
that there are no specific key protection requirements for the private
keys matching OCSP responder certificates. The OCSP responders
provide "validity status", so are "Certificate Systems" and "Issuing
Systems" according to the CA/BF Network and Certificate System
Security Requirements, so the systems that hold and use the keys must
meet security requirements from that document. Nothing in those
requirements precludes "us[ing] the full CPU power to sign OCSP"
responses.
Thanks,
Peter
(my personal view and does not necessarily reflect the views of anyone else)
(posting for myself, not on behalf of anyone)
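The thread discusses what a delegated OCSP responder certificate is required to carry (id-kp-OCSPSigning and id-pkix-ocsp-nocheck) and whether a short lifetime bounds the risk of signing outside an HSM. The following Go program is an added example, not code from either poster or from any CA or browser project: it checks a parsed certificate for both extensions and compares its validity period against a maximum lifetime that is an assumed local policy threshold (the BRs set no such number; the thread only floats "a week or 3 days"). The OIDs come from RFC 6960; the certificate it inspects is a self-signed sample constructed in the program so it runs offline. Whether the key lives in an HSM cannot be read from the certificate, so that remains an operational check outside this code.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/asn1"
	"fmt"
	"math/big"
	"time"
)

// OID of id-pkix-ocsp-nocheck (RFC 6960 section 4.2.2.2.1).
var oidOCSPNoCheck = asn1.ObjectIdentifier{1, 3, 6, 1, 5, 5, 7, 48, 1, 5}

// CheckOCSPResponderCert inspects a delegated OCSP responder certificate and
// returns one finding per failed check (an empty slice means all passed).
// maxLifetime is an assumed local policy limit, not a value from the BRs.
func CheckOCSPResponderCert(cert *x509.Certificate, maxLifetime time.Duration) []string {
	var findings []string

	// id-kp-OCSPSigning must be present in extendedKeyUsage.
	hasEKU := false
	for _, eku := range cert.ExtKeyUsage {
		if eku == x509.ExtKeyUsageOCSPSigning {
			hasEKU = true
			break
		}
	}
	if !hasEKU {
		findings = append(findings, "missing id-kp-OCSPSigning in extendedKeyUsage")
	}

	// id-pkix-ocsp-nocheck tells clients not to look up the responder's own
	// status via OCSP, so the validity period is what bounds exposure.
	hasNoCheck := false
	for _, ext := range cert.Extensions {
		if ext.Id.Equal(oidOCSPNoCheck) {
			hasNoCheck = true
			break
		}
	}
	if !hasNoCheck {
		findings = append(findings, "missing id-pkix-ocsp-nocheck extension")
	}

	if lifetime := cert.NotAfter.Sub(cert.NotBefore); lifetime > maxLifetime {
		findings = append(findings, fmt.Sprintf("validity period %s exceeds assumed maximum %s", lifetime, maxLifetime))
	}
	return findings
}

// MakeResponderCert builds a constructed, self-signed sample certificate so
// the checker can run offline; withEKU and withNoCheck toggle the extensions.
func MakeResponderCert(lifetime time.Duration, withEKU, withNoCheck bool) (*x509.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	notBefore := time.Now().Truncate(time.Second)
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: "constructed OCSP responder"},
		NotBefore:    notBefore,
		NotAfter:     notBefore.Add(lifetime),
		KeyUsage:     x509.KeyUsageDigitalSignature,
	}
	if withEKU {
		tmpl.ExtKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageOCSPSigning}
	}
	if withNoCheck {
		// The extension value is DER NULL, as RFC 6960 specifies.
		tmpl.ExtraExtensions = []pkix.Extension{{Id: oidOCSPNoCheck, Value: []byte{0x05, 0x00}}}
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

func main() {
	good, _ := MakeResponderCert(72*time.Hour, true, true)
	bad, _ := MakeResponderCert(365*24*time.Hour, false, false)
	fmt.Println("3-day responder cert findings:", CheckOCSPResponderCert(good, 7*24*time.Hour))
	fmt.Println("1-year responder cert findings:", CheckOCSPResponderCert(bad, 7*24*time.Hour))
}
```

To use it against a real responder certificate, parse the DER with x509.ParseCertificate and pass the result to CheckOCSPResponderCert with whatever lifetime ceiling your own policy sets; the 7-day value in main is only an illustration.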