[T2TRG] Last polish review of draft-irtf-t2trg-taxonomy-manufacturer-anchors

Sini Ruohomaa <sini.ruohomaa@ericsson.com> Mon, 23 March 2026 08:39 UTC

Return-Path: <sini.ruohomaa@ericsson.com>
X-Original-To: t2trg@mail2.ietf.org
Delivered-To: t2trg@mail2.ietf.org
Received: from localhost (localhost [127.0.0.1]) by mail2.ietf.org (Postfix) with ESMTP id 61609CFC10F4 for <t2trg@mail2.ietf.org>; Mon, 23 Mar 2026 01:39:13 -0700 (PDT)
X-Virus-Scanned: amavisd-new at ietf.org
X-Spam-Flag: NO
X-Spam-Score: -2.1
X-Spam-Level:
X-Spam-Status: No, score=-2.1 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_NONE=0.001] autolearn=ham autolearn_force=no
Authentication-Results: mail2.ietf.org (amavisd-new); dkim=pass (2048-bit key) header.d=ericsson.com
Received: from mail2.ietf.org ([166.84.6.31]) by localhost (mail2.ietf.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id XlCLbefNJw6z for <t2trg@mail2.ietf.org>; Mon, 23 Mar 2026 01:39:12 -0700 (PDT)
Received: from AM0PR83CU005.outbound.protection.outlook.com (mail-westeuropeazlp170100001.outbound.protection.outlook.com [IPv6:2a01:111:f403:c201::1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-384) server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by mail2.ietf.org (Postfix) with ESMTPS id 76611CFC10EF for <t2trg@irtf.org>; Mon, 23 Mar 2026 01:39:12 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=D+h6uUfTg/9Z0Gru2MINqNG+yS7Lak4U3BZbQBiRBCDKn8TDQvOJ1dwWI8l55pUIO9ORlIjBcH/WjqY2fA+Ti1kwTnn92b5rXlDUBe9SRTx9PJoxmsNQWWs62g9Mjz95PIeFZSUTkUl80jY5H3m+yA60B3VuJrFYKRPeFggAbEDzz+PmR6CZtM/Qa4M3i0uhowiHO7nargTlycbRKgZKZGc7AMXIerRX9Qr2JsRia1UHgt8XFCYtirRrUajznvYyOi/asUObiHeLNsKVlpeSHvAXZGv0VsFDOsY4wEU/TSCfHElZija50O1MFBJO67AGXTkWrzM3YXJ1RO6mmeoXwQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=+n32MJNqkquaChbfAAJCvozV1szzfuSCzQlEYlzcY9A=; b=m9NlJlcX5hlgsMtEPG1AwKvt4FSVpiv3zkTxXQ7B5I5VmrsOtIrWhzSGasjCN3lV/osEDjGgok7d3PclQlbby6GUuOfQ3FF5ffslmUyUOtCEBTzVyqbN5l45XovciigHp1sKqPT8fScjSyQQtoKqVLRYSqS7FKfI/eZtxMHWQ0ocMqnWFXUDg9Ev/wen77GZDTDxvlMw+u2VGtqKd81J+kE3cOZfP7zG/t1///rZKgbFnOAuHCHXUvv2xdAwCe8NPQGqh5gicXQg6U/MOjALj3YfUCQP5OSNLjcqGMyN0l0Xo+E7zCCR/EVdnjEc/wkxHFk4BP9H8t0jwU2+xDjXRg==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=ericsson.com; dmarc=pass action=none header.from=ericsson.com; dkim=pass header.d=ericsson.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ericsson.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=+n32MJNqkquaChbfAAJCvozV1szzfuSCzQlEYlzcY9A=; b=v9EbKr91JNNuIFFeQKQJkr9HDGSNApF/NF562P25jXIliY99hEUGRm7/bZln0dGJlJq7I528zjMo0EN+Z5bX4wbZdn15dnecE1KUon23vPq1ez4iTK+5xeUSLaxwX+21UCF9Uq8L5oCTTf28qzs9a3bceHgnrccB9BkWQ7hGHjitIl0m3yL8X74alL248a7F1Gs1HWoIbfMUJ1uwHyI/RoYOHLCEt9wzCLLRYAuF2RcE3AmndFhfogysve5XLla6yQ+NSqAfGcYta0OVHDce7F/63WX/FPiLlP4E7VN6ey+UUitFggJyeKKJSkaIQv3R25/iC5diZ/N6EZ20t3Bplg==
Received: from PAVPR07MB9237.eurprd07.prod.outlook.com (2603:10a6:102:319::22) by DU0PR07MB9116.eurprd07.prod.outlook.com (2603:10a6:10:404::12) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.9723.25; Mon, 23 Mar 2026 08:39:02 +0000
Received: from PAVPR07MB9237.eurprd07.prod.outlook.com ([fe80::1731:ed1a:a911:aaaf]) by PAVPR07MB9237.eurprd07.prod.outlook.com ([fe80::1731:ed1a:a911:aaaf%6]) with mapi id 15.20.9723.022; Mon, 23 Mar 2026 08:39:02 +0000
From: Sini Ruohomaa <sini.ruohomaa@ericsson.com>
To: "t2trg@irtf.org" <t2trg@irtf.org>
Thread-Topic: Last polish review of draft-irtf-t2trg-taxonomy-manufacturer-anchors
Thread-Index: AQHcuqCAWlBnAsx3/0e7NjZtNOV4zQ==
Date: Mon, 23 Mar 2026 08:39:02 +0000
Message-ID: <971693575917fa23f32a4d43046f0b902194c233.camel@ericsson.com>
References: <04474d4b76340c0c93be4fbd4e679377f57abdc7.camel@ericsson.com>
Accept-Language: en-GB, en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Evolution 3.52.3-0ubuntu1.1
authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=ericsson.com;
x-ms-publictraffictype: Email
x-ms-traffictypediagnostic: PAVPR07MB9237:EE_|DU0PR07MB9116:EE_
x-ms-office365-filtering-correlation-id: 6a9abfda-7f8e-4d59-1fdc-08de88b7a2c4
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;ARA:13230040|376014|10070799003|366016|1800799024|3613699012|56012099003|18002099003|38070700021;
x-microsoft-antispam-message-info: vSgYiLm8ZMR7RS+lLFadX4+OzxNOZEOWswLre87/kNCoXliANH+Vc+6MCG8ByNRPqJnw+8XYiUtgFs0Mp6obloHJnUj1Q5AsBOzzpHGXvC4Lo/ovuYt0i6idu8cy8n6/5L19f0/PRxNU6hrqxoFI+RDkfc8RSps2H/4+9s01tvJTbicy5qPIVCoPmNLTiWUG9AtkXMrLBD4dRfxamF4DltnWMvl9ZW4eEJaxAhAOG1DPFSj1xvc80X0NNhxUFdDPvQyr3H1lv+zHKvTqDIeS3Cf3UA4xWNl8ErCYT7KUA45uk+cQMY8C0EcRE1nuAe3MbHvmbCEBYjEaZNHNm5Vi5O5bNXqvL6GnhX0/T5drlXBRPj6mB6ji8XBgzv7Og4TXhpbHbokt0NQFFYz+MASbhemJSTTpE06IIHU+qVF6q2zc2Kro1xnoBVpGRLohf8QRqBudKcdtA0ADXA2V6GN99hE9LNlQ8Ce2dIfwPVWoE73tWDJV5HdPtBFQS6fz4S5EIExV6nMdT0LhdXNyIiREw5qp0jF6YGmvnC7ciR5RfuMMQft4b5ejQz89O7LjWLh3vZs9hjkoJ17iNRoVUNLppDvzIKYhJ7IQ0g5jv3LNQcKiYKrcyhH7TYWc/Ln/SNm7LV3SBoy8l6GHnhxGxT4VHmIu/wVFRqm+LIPOsjcum4TwfR2PC+0Gde+w4NnwR3ezMk2YwOCvFlfm5Zkjzj2WOIBA2cucvpdEKPtPIc5V59KxHKqLoH56vihHkz/rw4Z3ezzn0Ep4L94r23qHofEC8RSv5LXQscWXzqNjUGDUIo7cM6oTmjPIjxGMrmRvNfyk
x-forefront-antispam-report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:PAVPR07MB9237.eurprd07.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230040)(376014)(10070799003)(366016)(1800799024)(3613699012)(56012099003)(18002099003)(38070700021);DIR:OUT;SFP:1101;
x-ms-exchange-antispam-messagedata-chunkcount: 2
x-ms-exchange-antispam-messagedata-0: 9Y/9SPbwle/zPqztG5VS9akeeDRH9hR4nQ0A9n9NQHFTiARkxtHDqkiCq3rneD0aYiGCmXYeiHjEAgEicWJb2h/3bn1wltpOpiBi1LdYlCUOLntCdKzgSfl09Oy0Mf7iGSiSjLU/z2Jo5uWl1CluH7Jc2jTOXQpi8eGzfJNHTRdqr+ZAT23vgynVuJq/U12GrsymL0fYIM7wgrqkt0c68DJaG83vS1hGSo41LYAwQLFrXR0CNTnkMM2ZvIaqeUkO1K0wBRhm6ozXrp9dhUIXhGoRN828l6hGC1iFWxMZKq9sYguESk1P2ScSDNuC6ZG/esks6oUFzdjMS3YrgILh7kqc7iTPdkP67UMpIiO0xWbjqyiH1E9KKEhk1XdEmvf4uwu5Gc0RxnEzRP1kbWUPV8bqhuuCINZCGKxZvSEYOtwHMX0+g2oWR2YOh66yxgmAZhd8+g0VEFFBnlX3/1QJRIolfKChAfHwEUKbOwOKRR19V7fPSyFeJahJoPknxACqcyCKbhCK7yoUffJa+aAwilxeWoB66iuXy2ftFZlr7SGIhLEjeNqZXFjPfRnuF81fcWSjYAYhna9839yW1hc7aXnT+g2Ue7fuv3EhClR5pZ4D/ulDEiSJtVxprHHLjC6senvsku5W+BTustnmwHpnermAdQ/gOIorbNmBs66lCy/ULmPWwIPbmiUy/eVyZEqKfV25gDJdr7tkBbqL/WdD5Hb2/vhOgtYWcDsKMnReDlZgAeXCWi6nbyl4EB+Ffsl+bTmdCjJGmmli6EaWYk3Vu7ZA0Atmt66+7RqAnN/zrUaLD+u1ntS0E8zDAiQvWs4kBjY2jbPxgjRrvBkZ3vjmCx0tcJwWHvBTldOPhV6QsE2Z1AO3YB8M8bDQuZG5wjIoKFG3a07D3N4LsRRtPSJulnetQ7LPO1ypWPmQRH9Meh/aBcJR6ML8kmmnUXrsLTAeuLNSmSqsQa5eEH7i+uTCsz06t8aNzod38BCoZcNZKCVuQvb7qvybYmgk+YBv1leXwGaXbO0/acAkmgBJ9J+rI16yNMMtoY8Fzm9A76u1pVn+btakCNTkfOd4Md2n8OeqdKRfJaQQ8HRdd+nXP7nUr/3qjfJWsAHqY2rH7GopC90TDkjRrk1b1tODPmgBWt/J9ghHe5Cmtd1+a5s/SXQrTX6xaDES3qT/qRKAIoOK5Cqfwh8jkdWfbJatnJf4E922l8m/1mpIhDhHPvmFGeYbkm09f7xHg0MirtvfpvTMDrPc7x4LX6jmc+XsW260/w0AaMLhWsNjZMkJkUJJ6EqBxB7w9Xd0kzwQc8seW65HOYjBetbiirbcVSLRokjGGF/OopA51+aMz/cFQQh4wL472EUJ1mcQK1leTlycB7Ty+dgs+16DbwsYAjI+s7tetwJ4i8oi4u/E6oquaZp3gKaO0Ppthbd5kHFQb8TYaginEl1f/hAJngH8Z054mpePO2Xv9jdukc0MQLXvZvbs72R9L3XvKCQaq2WlSNSphE8AGaU80DuTWAE/uGQxPjdq61ioPW+B3nA33bP9mGQ4wSyYWcsxbxfAQev+5OROPjX01z6o0PU5zUF7GFagEDZlC0XUb28ZNslJgfMuI2fmMbKCbycNFXLWCYwGqGaAHeS36+LV6d5Gb3e4UEDzAriPSRe0ZeA0WYY88SnxoO+k8DuA4NhC4YWxbHrIwwuiClLEUhYOhUErijoQWg2c7+D6XSKSPiVgRHwgQYAgrLXi/yu+JqNuPgsz15h/oVurO0WeDXqKtlVbGTwAM3I7c2l3ZntDGbrzdh3q
x-ms-exchange-antispam-messagedata-1: 3rRf9eH6hnDo9Bjk9q+2aeecK5lqrIKvTjU=
Content-Type: text/plain; charset="utf-8"
Content-ID: <2B1EDA1EFA9E0445A811187BA66A4C45@eurprd07.prod.outlook.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-OriginatorOrg: ericsson.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: PAVPR07MB9237.eurprd07.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 6a9abfda-7f8e-4d59-1fdc-08de88b7a2c4
X-MS-Exchange-CrossTenant-originalarrivaltime: 23 Mar 2026 08:39:02.3714 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 92e84ceb-fbfd-47ab-be52-080c6b87953f
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: cLq1/+Bt/i6aP/FQa4jlgCVc70vqB8xEiopUoGYs+Ovz5oQazbMP7Ds5OJaqNA5L7nuXsEZk6Ncn1SqsW8jMRBqkfNnC1Po/mX8J3jZKqNE=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DU0PR07MB9116
Message-ID-Hash: RTWI22IOA5WVF7CVE73DQCM734LJTDDN
X-Message-ID-Hash: RTWI22IOA5WVF7CVE73DQCM734LJTDDN
X-MailFrom: sini.ruohomaa@ericsson.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-t2trg.irtf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: "mcr+ietf@sandelman.ca" <mcr+ietf@sandelman.ca>
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [T2TRG] Last polish review of draft-irtf-t2trg-taxonomy-manufacturer-anchors
List-Id: IRTF Thing-to-Thing Research Group <t2trg.irtf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/t2trg/4YaI3SjAalJZNbZWtkigiAjkkFE>
List-Archive: <https://mailarchive.ietf.org/arch/browse/t2trg>
List-Help: <mailto:t2trg-request@irtf.org?subject=help>
List-Owner: <mailto:t2trg-owner@irtf.org>
List-Post: <mailto:t2trg@irtf.org>
List-Subscribe: <mailto:t2trg-join@irtf.org>
List-Unsubscribe: <mailto:t2trg-leave@irtf.org>

Hello, T2TRG, 

Apologies, I realized I seem to not have ever successfully received the
replies back in 2022, I finally saw them now in the web archive but
have written the review below prima vista on just the current document
version, as I only emerge from the barrel I live in usually on rare
occasions such as this. ;)

Thank you for this draft. It provides a concrete informational
exploration of initial device identity certificates as witnessed in
their natural habitats, and an excellent public reference for comparing
different approaches taken. I am additionally always happy to see RFC
7168 and mnemonic produce in good use, and close proximity to origin
manufacturing seems particularly appropriate. :)

I have very minor comments that I compensate for by a large number,
while regretting the late timing of the feedback. Most of the below is
typographic notes for your consideration, coming from non-native
speakers with at least level 3 grammatical special interests.

Onwards!

In the context of the introduction, if so desired, one might also
mention our personal telecom equipment favourites, the 3GPP-specified
Vendor Credentials. The design pattern is similar to IDevID; TS 33.310
can be referred to for more information.

It is slightly confusing to a literal mind to see in 1.1 a list of
hyphenated terms, many of which are not in fact hyphenated.

Enclosing "The TAM is a piece of software (...)" in parenthesis in 2.1
seems unnecessary.

In 3, I disagree with "authorizations implicitly attached" when
discussing the nature of trust anchors, due to the access control
meanings attached to the word "authorization". Generally in access
control, the presence of a signed certificate should definitely not
imply authorization, but authenticity and to some degree origin, and
confusion about this leads to security mishaps. Authorization should be
attached to a specific identity represented by the certificate, not the
presence of one; this way authorization can be added and revoked
without modification of the certificate. Or in other words, trust
anchors carry trust about what/who a public key is representing, but I
can locally still decide what I do with that information (in
software): is Alice getting in or not with her certificate depends on
policy, but the certificate allows us to tell her apart from Eve and
Melissa. I try to use the term 'trust' in this context over
authorization to avoid this conceptual collision, but 'authenticity
protection' or some more technical term could also be considered. The
term is mentioned also in the list item 2 in section 3.

In the sixth paragraph of section 3, a "on" may be missing after
"based".

In list item 4 in section 3, there may be a 'd' missing from "associate
private key".

A period may be missing after [leakedmsikey] and at the end of section
3.2. An extra space may be present in 3.4 "web sites". 

In 3.1, it may be considered to point out explicitly that extremely
controlled modification to a key the attacker controls is generally the
desired target (integrity vs. availability attack), lest the reader
wonder about replacing the close-proximity gamma ray attack with a
sharp tap with a hammer and a nail to similarly render a device
unbootable. 

In 3.8, an 'and' may be missing in the last sentence after 'operator'.

In 4.1, it is proposed that IDevID could be used to decrypt software
updates. I cannot recommend this approach, as using the same RSA key
both for decryption and signatures is generally considered a security
issue - among other things because the usage pattern of signing and
decrypting is different (you sign what you generate or trust yourself,
but decrypt external information you usually do not trust, and as the
decryption operation is using the same trapdoor function as signatures,
you "sign whatever you decrypt" to extensively simplify). Additionally,
NIST has deployed new quantum resistant key agreement algorithms in KEM
form only, which means that dual-use keys are in practice a thing of
the past. I would definitely recommend to provision a separate key for
decryption purposes.

In section 4.1.1, a comma may be missing after 'However' in the third
paragraph, and an extra space may be present in "can not" in the
seventh paragraph (this repeats also elsewhere in the document). In the
last paragraph, "manufacturers'" may be intended as "manufacturer's". A
comma may be missing after "a light bulb" and "airplanes".

In 4.1.2, "Certification Signing Request" is maybe intended as the more
commonly used "Certificate Signing Request" (RFC 2986 speaks of PKCS#10
as certification request, and for example RFC 9646 of Certificate
Signing Request, CSR).

In section 4.1.3, "256-bits" seems to have inadvertently captured one
of the hyphens left over by the hyphenated terminology section and
should maybe release it. 

In the third paragraph of the same section, "then is" maybe should be
"is then".
 
It is worth noting that the component manufacturer has their own
manufacturing line and likely needs to plant the seed into their
component there, so it will in that sense be exposed to a physical
factory (paragraph 7 in 4.1.3), just a different one, so while this is
explained in the further paragraphs the statement is locally confusing
here. The comparison to a carrot as a biennial plant is very apt.

It would seem that once the private key management is delegated to the
component manufacturer, it would also make sense to outsource
certificate issuance and its complexities to them. If the device
manufacturer only receives the public key of the chip in a signed
certificate embedded with relevant metadata to identify which key is
which, they can extract the public key (or get an associated ready
self-signed CSR together with the certificate) to issue their own
certificates and never need to deal with the seed and private key
security. (It is possible that this is even the intended message all
along, but in the paragraphs 9-11 it seems that we are talking about
the second year of the carrot, not the first. Related, it should be
noted that both actors are in fact manufacturers so '(the)
manufacturer' alone in those paragraphs is ambiguous.) 

One reason to not do this and risk compromise of private key material
in transit is when the seed can be used as ground input to generate a
number of different keys, not all of which the silicon provider can or
needs to invent beforehand. This provides several angles of
cryptographic agility but also does add the security headaches of
having to ship around symmetric secret key material across
organizations. It may be worth mentioning out loud that the PRNG
generated key pair does release us from the pre-installed key
strictness as the key that is generated can be chosen more flexibly.

In 4.1.4, is the reason that using a discrete TPM turns a squash into
an avocado that our security boundary for the purposes of this model
changes from the device (on-whole-device, using secure element) to the
TPM (on-TPM, using itself, as opposed to on-whole-device, using TPM)?

In 4.1.5, list item 1, "suppliere" maybe has an excess 'e'. In the
fourth paragraph, "But," is maybe intended as "However,". In the second
last paragraph, "Not that" is maybe intended as "Note that". The
exclamation marks in paragraphs 1 and 5 are surprising and maybe not
needed.

The addendum about a inventory specific to for each client maybe
applies also to the carrot seed shipping model, unless the intention is
to say that the inventory must be long-lived for CA operation purposes,
while the carrot model seeds can be deleted as the responsibility is on
the second-year manufacturer.

In section 5, "doing enrolment" (or enrollment) is maybe best expressed
as "performing enrolment" or simply directly "mechanisms of enrolment".

In case of multi-level certification authorities in paragraph 3, would
not the operating rules be clarified in the certification policy (CP)
and certification practices statements (CPS) of the CAs (RFC 3647)?
Assuming, of course, that the CAs follow the RFC.

In the 7th paragraph in section 5, possibly "public/private key pair"
should be in plural since the identities are, although this is not
technically necessary as attackers, bless their heart, are not required
to maintain appropriate opsec posture.

In the 8th paragraph, "which it is not authorized to do so" should
probably end "to sign". CRLs could be explicitly mentioned here as a
local technical recovery mechanism, while high-visibility process
failures such as the one cited at Comodo seriously undermine the trust
in any public CA. (CRLs only come up as a new item two paragraphs later
as a part of a validation authority failure pattern.)

Section 5.2 third paragraph has a surprise capitalization of
"Ceremony".

In the last paragraph of 5.3, which mostly speaks of CAs, steps to the
side about signing code releases, which are typically not signed as a
certificate but by an end entity key that has a certificate. It may be
best to keep CA signing of certificates and code signing conceptually
separate. 

In the same paragraph, the mitigation of a "compromise between
situations" is maybe technically not a mitigation of a compromise but
e.g. "To address the conflicting needs, some levels of the PKI may be
kept offline, and some levels online." This division is mentioned at
the end of 5.1 as well.

In section 5.3 "deals with attacks" is maybe a bit ambiguous since 5.2
is about protection levels, not defenses as such; a more "direct"
though wordier expression might be "The protections discussed in the
previous section aim to thwart attacks". 

In the same paragraph, a comma may be missing after "undetected".

Technically, the devices are not the source of the danger if the
attacker has access to CA private keys. The danger comes from the
"intended-untrusted" devices (and non-device processes) that are NOT
the devices with real certificates, but fake certificates, that are
attacker controlled. 

Section 5.3 repeats much of the disaster pattern identification
material in the introductory part of Section 5. Some of those could be
potentially merged.

In the fifth paragraph of 5.3, generalize "forgets a password" to "CA
key staff lose access to authentication secrets, such as a password",
as CAs (hopefully) do not generally operate on password protection.
Incapacitation seems sufficient to mention here, since staff dying can
in a secular world view be considered a special case of it.

In the sixth paragraph, "deals with" could be replaced with "addresses
the risk of" (physical damage).

In the seventh paragraph: suggest replacing "becomes: how are the
backups unlocked, or activated" with "becomes how the backups are
unlocked or activated." This section could potentially be condensed
slightly as its style includes quite a few question marks and a
detective story style which departs from the earlier tone of the
document.

If there is a reference available for the DNSSEC Root anecdote, that
would be an interesting addition.

5.3.1 a more commonly recognized name of the Shamir scheme seems to be
"secret sharing" as opposed to splitting. It may not be necessary to
describe here as it gets quite specific, but I see no harm in it. I
recommend not underlining staff death here too, as readers may find it
overly dramatic. Incapacitation is sufficient for a key executive to
not be motivated to prioritize coming to work to unlock keys on that
particular day.

In the 7th paragraph fo 5.3.1, "However" should probably be followed by
a comma in this kind of use. 

The #1 benefit of secret sharing as opposed to simply backing up the
secret to multiple executives is omitted: unlike secret copying, the
scheme tolerates at most k-1 executives to become corrupted.

The speculation for handling a code signing key at the end of 5.3.1
with a secret sharing scheme seems unnecessarily elaborate, refer to
the earlier mention of staff inventing workarounds when their work is
too hard.

In section 6.1, sentences formed as a question could be reordered to
not need a question mark (which is missing), for example "how far does
a board travel" should end in a question mark, but "how far a board
travels" does not need one (first-second-stage-gap). Others in e.g. 6.2
have question marks but maybe could be reorganized.

In 6.2, "n-components" has captured an extra hyphen. 

identity-shared-split-continents may be an unnecessary pattern for any
organization that is not international across continents. 'Sites' may
be more general-purpose.

As an ultimate meta nitpick, section 9 maybe "provides" should be
"provided". ;)

Thank you again for this work! As noted the above list is just for
consideration.

Best regards,

--Sini