[Cscwg-public] FW: Ballot CSC-2: Consolidate Baseline and EV CSCWG Document

Bruce Morton Bruce.Morton at entrustdatacard.com
Thu Jul 16 08:21:47 MST 2020 

Hi Atsushi,

I agree. This appears to be an error, which can easily be fixed.

Bruce.

From: Atsushi Inaba <atsushi.inaba at globalsign.com>
Sent: Thursday, July 16, 2020 1:22 AM
To: Bruce Morton <Bruce.Morton at entrustdatacard.com>; cscwg-public at cabforum.org
Cc: Atsushi Inaba <atsushi.inaba at globalsign.com>
Subject: [EXTERNAL]RE: [Cscwg-public] FW: Ballot CSC-2: Consolidate Baseline and EV CSCWG Document

Dear Bruce,

Thank you for preparing the Ballot.

Could you let me make sure of a couple of things about
"16.3 Subscriber Private Key Protection"?

I suppose that the first half of this section is quoted
from the BRs for Non-EV Code Signing Certificates, and
the latter part is quoted from the Guidelines for EV
Code Signing Certificates. If so, when I see current
description, it seems me little difficult to distinguish
the requirements for EV Code Signing Certificates.

I feel it's better to edit the item 4 as follows;

------------------------------------------------------------

16.3 Subscriber Private Key Protection

For Non-EV Code Signing Certificates, the CA MUST obtain
a representation from the Subscriber that the Subscriber
will use one of the following options to generate and
protect their Code Signing Certificate private keys:

1. A Trusted Platform Module (TPM) that generates and
   secures a key pair and that can document the Subscriber’s
   private key protection through a TPM key attestation.

2. A hardware crypto module with a unit design form factor
   certified as conforming to at least FIPS 140 Level 2,
   Common Criteria EAL 4+, or equivalent.

3. Another type of hardware storage token with a unit design
   form factor of SD Card or USB token (not necessarily
   certified as conformant with FIPS 140 Level 2 or Common
   Criteria EAL 4+). The Subscriber MUST also warrant that it
   will keep the token physically separate from the device that
   hosts the code signing function until a signing session is begun.

For Non-EV Code Signing Certificates, a CA MUST recommend that
the Subscriber protect Private Keys using the method described in
Section 16.3(1) or 16.3(2) over the method described in Section
16.3(3) and obligate the Subscriber to protect Private Keys in
accordance with 10.3.2(2).

For EV Code Signing Certificates, CAs SHALL ensure that the
Subscriber’s private key is generated, stored and used in a
crypto module that meets or exceeds the requirements of FIPS
140-2 level 2. Acceptable methods of satisfying this requirement
include (but are not limited to) the following:

4. The CA ships a suitable hardware crypto module, with a
   preinstalled key pair, in the form of a smartcard or USB
   device or similar;

5. The Subscriber counter-signs certificate requests that can be
   verified by using a manufacturer’s certificate indicating that
   the key is managed in a suitable hardware module;

6. The Subscriber provides a suitable IT audit indicating that its
   operating environment achieves a level of security at least
   equivalent to that of FIPS 140-2 level 2.

----------------------------------------------------------------------

P.S.
Please forgive me if I missed the points.


Best regards,
Atsushi Inaba

―――――――――――――――――――――――――――――
GMO GlobalSign K.K.

Business Planning
Atsushi Inaba

1-2-3, Dogenzaka, Shibuya Ku, Tokyo, Japan
150-0043

TEL: +81-3-6370-6671
FAX: +81-3-6370-6505
E-MAIL: atsushi.inaba at globalsign.com<mailto:atsushi.inaba at globalsign.com>
URL:https://jp.globalsign.com/
―――――――――――――――――――――――――――――
THANK YOU 24 YEARS Internet for Everyone
―――――――――――――――――――――――――――――
■ GMO INTERNET GROUP ■ http://www.gmo.jp/
―――――――――――――――――――――――――――――
This e-mail message is intended to be conveyed only to the
designated recipient(s). If you are NOT the intended
recipient(s) of this e-mail, please kindly notify the sender
immediately and delete the original message from your system.

From: Cscwg-public <cscwg-public-bounces at cabforum.org<mailto:cscwg-public-bounces at cabforum.org>> On Behalf Of Bruce Morton via Cscwg-public
Sent: Wednesday, July 15, 2020 6:36 AM
To: cscwg-public at cabforum.org<mailto:cscwg-public at cabforum.org>
Subject: [Cscwg-public] FW: Ballot CSC-2: Consolidate Baseline and EV CSCWG Document

Here is the ballot to the public list for discussion. The discussion period will be extended to minimum 7 days from today, so will end no earlier than 21 July 2020, 22:00 UTC.

Thanks, Bruce.

From: Bruce Morton
Sent: Thursday, July 9, 2020 8:58 AM
To: cscwg-management at cabforum.org<mailto:cscwg-management at cabforum.org>
Subject: Ballot CSC-2: Consolidate Baseline and EV CSCWG Document

This begins the discussion period for the Ballot CSC-2: Consolidate Baseline and EV CSCWG Document

Purpose of Ballot:

The CA/Browser Forum currently has two code signing requirements documents: 1) Baseline Requirements for the Issuance and Management of Publicly‐Trusted Code Signing Certificates and 2) Guidelines For The Issuance And Management Of Extended Validation Code Signing Certificates. The two documents are in similar format and cover many of the same requirements. CAs which issue both types of certificates must adhere to both documents and must be audited to two sets of criteria. CA/Browser Forum members also need to manage two sets of criteria. Auditors need to manage two sets of audit criteria.

The greater goal is to 1) migrate the documents into one document which will manage the requirements of both EV and non-EV code signing certificates, 2) reformat the document to be in the RFC 3647 format which will be in line with CPS format requirements and 3) change and manage the requirements in an ongoing process.

This ballot addresses item 1 of the process. The migration started with using the Baseline Requirements for Code Signing and adding in the EV Code Signing Requirements. The process was to minimize technical change although there was some change to allow merging. The process was not to correct issues, but a “parking lot” list was created to capture changes to be addressed in the future.

The following motion has been proposed by Bruce Morton of Entrust and endorsed by Mike Reilly of Microsoft and Dean Coclin of DigiCert.

--- MOTION BEGINS ---

This ballot modifies the “Baseline Requirements for the Issuance and Management of Publicly‐Trusted Code Signing Certificates” based on Version 1.2 and removes the requirements for “Guidelines For The Issuance And Management Of Extended Validation Code Signing Certificates” based on Version 1.4. A redline update is attached.

Be it resolved that the CA / Browser Forum adopts the attached CA/B Forum Baseline Requirements for the Issuance and Management of Publicly‐Trusted Code Signing Certificates version 2.0 effective upon adoption.

--- MOTION ENDS ---

This ballot proposes a Final Maintenance Guideline.

The procedure for approval of this ballot is as follows:

Discussion (7+ days)

Start Time: 9 July 2020 17:00:00 UTC

End Time: 16 July 2020 17:00:00 UTC

Vote for approval (7 days)

Start Time: TBD

End Time: TBD
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/cscwg-public/attachments/20200716/fd4732ac/attachment-0001.html>

More information about the Cscwg-public mailing list