Move 1.3.4 "backup key access control" from L2 to L1

[mperklin]

Section 1.3.4 has a L2 control that states:

The backup must be protected by access controls that prevent unauthorized parties from accessing it. Examples of this include safes, safe deposit boxes, or locked drawers where only the operator holds the key/combination for the lock.

This control should be moved to L1 alongside "Backup key exists." Access controls for the backup key are an obvious requirement for L1.

A counterexample showing why this is necessary: it seems possible to have a backup key sitting on a desk and become L1 certified.

[P3B]

Agreed on this point.

Physical access controls to the backup key should be a L1 requirement. Additional levels of physical (geographical separation + tamper evidence) and logical (encryption) is then required for L2 and L3 compliance.

[jlopp]

Under the assumption that this is in reference to an unencrypted backup where a physical attacker would have enough data to reconstitute and sweep the wallet, some sort of access control should be mandatory.