Strong controls over the use of signing keys can enable the certification authority to be misused. This includes separating CA roles and setting policies so that the operation fails if an individual attempts to perform more than one CA role. A malicious actor might issue malicious certificates that allow a device or user to impersonate a legitimate user and conduct a man-in-the-middle attack, or to digitally sign malware that is then propagated. It is preferable to implement a technology that enables a technical solution to the separation of duties policy.”]