Open mperklin opened 7 years ago
Agreed on this point.
Physical access controls to the backup key should be an L1 requirement. Additional levels of physical (geographical separation + tamper evidence) and logical (encryption) controls are then required for L2 and L3 compliance.
Under the assumption that this is in reference to an unencrypted backup where a physical attacker would have enough data to reconstitute and sweep the wallet, some sort of access control should be mandatory.
Section 1.3.4 has an L2 control that states:
This control should be moved to L1 alongside "Backup key exists." Access controls for the backup key are an obvious requirement for L1.
A counterexample showing why this is necessary: it seems possible to have a backup key sitting on a desk and become L1 certified.