[Cscwg-public] Ian's presentation from June 18 CS call

Dean Coclin dean.coclin at digicert.com
Thu Jun 25 11:38:50 MST 2020


Ian McMillan (Microsoft) presented this at the last meeting regarding cloud
private key protection. This is still in discussion:

Current CS BRs in v2.0:

16.3 Subscriber Private Key Protection

For Non-EV Code Signing Certificates, the CA MUST obtain a representation
from the Subscriber that the Subscriber will use one of the following
options to generate and protect their Code Signing Certificate private keys:

1. A Trusted Platform Module (TPM) that generates and secures a key pair and
   that can document the Subscriber's private key protection through a TPM
   key attestation.

2. A hardware crypto module with a unit design form factor certified as
   conforming to at least FIPS 140 Level 2, Common Criteria EAL 4+, or
   equivalent.

3. Another type of hardware storage token with a unit design form factor of
   SD Card or USB token (not necessarily certified as conformant with FIPS
   140 Level 2 or Common Criteria EAL 4+). The Subscriber MUST also warrant
   that it will keep the token physically separate from the device that
   hosts the code signing function until a signing session is begun.

For Non-EV Code Signing Certificates, a CA MUST recommend that the
Subscriber protect Private Keys using the method described in Section
16.3(1) or 16.3(2) over the method described in Section 16.3(3) and obligate
the Subscriber to protect Private Keys in accordance with 10.3.2(2).

For EV Code Signing Certificates, CAs SHALL ensure that the Subscriber's
private key is generated, stored and used in a crypto module that meets or
exceeds the requirements of FIPS 140-2 level 2. Acceptable methods of
satisfying this requirement include (but are not limited to) the following:

1. The CA ships a suitable hardware crypto module, with a preinstalled key
   pair, in the form of a smartcard or USB device or similar;

2. The Subscriber counter-signs certificate requests that can be verified by
   using a manufacturer's certificate indicating that the key is managed in
   a suitable hardware module;

3. The Subscriber provides a suitable IT audit indicating that its operating
   environment achieves a level of security at least equivalent to that of
   FIPS 140-2 level 2.


My draft proposal:

16.3 Subscriber Private Key Protection

For Code Signing Certificates, the CA MUST obtain a representation from the
Subscriber that the Subscriber will use one of the following options to
generate and protect their Code Signing Certificate private keys:

1. A hardware crypto module with a unit design form factor certified as
   conforming to at least FIPS 140 Level 2, Common Criteria EAL 4+, or
   equivalent;

2. A Cloud-based key protection solution with the following requirements
   enabled on the subscription, and a usage pattern as follows:

   i.   A hardware crypto module with a unit design form factor certified as
        conforming to at least FIPS 140 Level 2, Common Criteria EAL 4+, or
        equivalent;
   ii.  Key creation, storage, and usage of the private key must remain
        within the security boundaries of the cloud solution's hardware
        crypto module;
   iii. The subscription must be configured to log all access, operations,
        and configuration changes on the key. The configuration change log
        is available for audits.

For Code Signing Certificates, CAs SHALL ensure that the Subscriber's
private key is generated, stored and used in a crypto module that meets or
exceeds the requirements of FIPS 140-2 level 2. Acceptable methods of
satisfying this requirement include (but are not limited to) the following:

1. The Subscriber counter-signs certificate requests that can be verified by
   using a manufacturer's certificate indicating that the key is managed in
   a suitable hardware module;

2. The Subscriber provides a suitable IT audit indicating that its operating
   environment achieves a level of security at least equivalent to that of
   FIPS 140-2 level 2;

3. The Subscriber provides a suitable report of the cloud key protection
   solution subscription configuration protecting the key in a hardware
   crypto module with a unit design form factor certified as conforming to
   at least FIPS 140 Level 2, Common Criteria EAL 4+, or equivalent.


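The three conditions in draft 16.3(2) (certified module, key lifecycle inside the module boundary, full logging) are concrete enough to evaluate as policy-as-code, which is also what the "suitable report of the ... subscription configuration" in method 3 would be checked against. The following is an added example, not part of Ian's presentation or the CS BRs: it evaluates a constructed cloud key record against (i), (ii) and (iii) and returns the findings. The record schema, the set of accepted module certifications and the log category names are assumptions made for the example, loosely modeled on typical cloud KMS key metadata rather than any provider's actual API.

```python
"""Policy-as-code check for the proposed CS BR 16.3(2) cloud key protection
requirements.  Added example: the CloudKeyRecord schema, the accepted
certification set and the log category names are constructed assumptions,
not any cloud provider's real API or field names."""
from dataclasses import dataclass, field
from typing import List, Set

# Certifications accepted for the hardware crypto module under (i).
# Which "equivalent" certifications qualify is an assumption for this example.
ACCEPTED_MODULE_CERTIFICATIONS = {
    "FIPS 140-2 Level 2", "FIPS 140-2 Level 3",
    "FIPS 140-3 Level 2", "FIPS 140-3 Level 3",
    "Common Criteria EAL 4+",
}

# (iii) requires logging of all access, operations and configuration changes.
REQUIRED_LOG_CATEGORIES = {"access", "operation", "configuration_change"}


@dataclass
class CloudKeyRecord:
    """Constructed description of one key in a cloud key protection service."""
    key_id: str
    hsm_backed: bool               # key material is held by the HSM, not software
    module_certification: str      # certification claimed for that HSM
    generated_in_hsm: bool         # created inside the module rather than imported
    exportable: bool               # can the private key leave the module boundary?
    logged_categories: Set[str] = field(default_factory=set)
    log_retention_days: int = 0    # 0 means logs are not retained for audit


def check_cloud_key_protection(rec: CloudKeyRecord) -> List[str]:
    """Return one finding per violated condition; an empty list means compliant."""
    findings: List[str] = []

    # (i) hardware crypto module certified to at least FIPS 140 L2 / EAL 4+
    if not rec.hsm_backed:
        findings.append("(i) key is not HSM-backed")
    elif rec.module_certification not in ACCEPTED_MODULE_CERTIFICATIONS:
        findings.append(
            f"(i) module certification {rec.module_certification!r} is not accepted")

    # (ii) creation, storage and usage must stay within the module boundary.
    # An imported key existed outside the boundary at some point, and an
    # exportable key can leave it, so both violate (ii).
    if not rec.generated_in_hsm:
        findings.append("(ii) key material was generated or imported outside the module")
    if rec.exportable:
        findings.append("(ii) private key is marked exportable")

    # (iii) all access, operations and configuration changes logged and retained
    missing = REQUIRED_LOG_CATEGORIES - rec.logged_categories
    if missing:
        findings.append("(iii) logging not enabled for: " + ", ".join(sorted(missing)))
    if rec.log_retention_days <= 0:
        findings.append("(iii) logs are not retained for audit")

    return findings


def is_compliant(rec: CloudKeyRecord) -> bool:
    return not check_cloud_key_protection(rec)


# Constructed sample records (not real subscriptions).
COMPLIANT_KEY = CloudKeyRecord(
    key_id="cs-signing-key-01", hsm_backed=True,
    module_certification="FIPS 140-2 Level 2", generated_in_hsm=True,
    exportable=False, logged_categories=set(REQUIRED_LOG_CATEGORIES),
    log_retention_days=365)

IMPORTED_KEY = CloudKeyRecord(        # HSM-held, but the key was imported
    key_id="cs-signing-key-02", hsm_backed=True,
    module_certification="FIPS 140-2 Level 3", generated_in_hsm=False,
    exportable=False, logged_categories=set(REQUIRED_LOG_CATEGORIES),
    log_retention_days=90)

SOFTWARE_KEY = CloudKeyRecord(        # software-protected, exportable, barely logged
    key_id="cs-signing-key-03", hsm_backed=False,
    module_certification="none", generated_in_hsm=False,
    exportable=True, logged_categories={"access"}, log_retention_days=0)


if __name__ == "__main__":
    for rec in (COMPLIANT_KEY, IMPORTED_KEY, SOFTWARE_KEY):
        print(rec.key_id, "compliant" if is_compliant(rec) else "NON-COMPLIANT")
        for finding in check_cloud_key_protection(rec):
            print("   ", finding)
```

The imported-key case is the one worth noticing: the key sits in a certified HSM and is non-exportable, so it passes (i), yet it fails (ii) because its material existed outside the module before import. A report under method 3 would need to show where the key was generated, not only where it is stored now.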