Security risks with self-signed CA certificates

From: Ish Sookun <ish_at_lsl.digital>
Date: Tue, 18 May 2021 12:58:14 +0400


Dear sir/madam,

I refer to the CCA Directive [1] available on the ICTA website.

In the "scope" defined, it is mentioned that the Root Certificate of CCA
Mauritius is not de facto included in the certificate store of major
software vendors such as Microsoft, Apple, Adobe, Mozilla etc.

The directive advises licensed/recognized/approved Certification
Authorities to automate the installation of the CCA Mauritius Root
Certificate on Windows/Linux based workstations.

The directive does not mention safeguards. Did ICTA/CCA assess the
security risks in the automated installation of a "self-signed" CA Root
Certificate on workstations/devices?

Regards,

Ish Sookun

[1] https://www.cca.mu/documents/Directive1_2021.pdf
Received on Tue May 18 2021 - 08:58:39 PST
