[Cscwg-public] Update to key protection (in 16.2 & 16.3)
Tomas Gustavsson
tomas.gustavsson at primekey.com
Fri Nov 13 01:09:28 MST 2020
Hi,
I have reached out to a security architect at a vendor of security
hardware chips to get a better understanding on the certification side
of things.
The story gets foggier...at least for me.
I have more questions than answers unfortunately. But it boils down to
if the forum want to high a high level of assurance of private key
protection, or muddier, opening options for weaker private key protection?
The security architect I spoke with don't think we should use "or
equivalent" as that is very non specific. How to judge this? In his
opinion it open up doors to weak private key protection.
I got a little better insight into chip silicon certifications.
FIPS 140-2 or EN 419 221-5 are highly related to HSMs.
BTW: from now on HSMs are evaluated against FIPS 140-3 I believe (since
september 2020).
Silicon produced for USB tokens and smart cards are evaluated against:
TPM silicon is certified against:
https://trustedcomputinggroup.org/resource/pc-client-tpm-certification/
Then system vendors can lay FIPS certification on top of the silicon
certification, adding their firmware.
https://trustedcomputinggroup.org/resource/tcg-fips-140-2-guidance-for-tpm-2-0/
A relevant requirement for TPMs module certification would be:
"Protection Profile PC Client Specific TPM version 2.0"
For smart cards or USB token chips it could be:
"Security IC Platform Protection Profile version 1.0"
To complicate things some old tokens like SafeNet was certified against:
"Protection Profile —Secure Signature-Creation Device v1.05"
Questions:
1. How strongly does the forum want to assure private key protection for
code signing keys?
2. Question I guess if for WebTrust, is it reasonable to judge "or
equivalent", or does it open up too many doors to weak key protection?
For example is the CC evaluation of SafeNet eToken 5110 (a popular USB
token) equivalent?
https://cpl.thalesgroup.com/access-management/authenticators/pki-usb-authentication/etoken-5110-usb-token
3. Should we FIPS 140-3 directly? Evaluations on -3 has begun.
4. If the Forum want to specify USB tokens and TPMs more carefully,
should those certification standards be called out?
Regards,
Tomas
On 2020-11-02 20:43, Ian McMillan via Cscwg-public wrote:
> Thanks Bruce!
>
>
>
> For #1, I am interested in better understanding what advantages level 3
> operations provides here. I do feel level 2 will continue to be the best
> course of requirement as a Signing Service should have the ability to
> execute on resiliency scenarios that would be negated by level 3
> operations (e.g. HSM vendor and SW diversity/resilience). I also do not
> want to exclude Signing Services from leveraging cloud-based key
> protection services which offer level 2 as a base/premium SKU in all
> cases (not all have a level 3 option).
>
>
>
> On #2, I feel the timing is at least one year out from the June 1, 2021
> date that we attached to key lengths and hash algorithms. The 1 year
> from that date should provide most the opportunity to obtain a code
> signing certificate within the new standards for key protection. It may
> be best to state in the timing that any new certificates issued post
> implementation date (say June 1, 2021) must meet the these key
> protection standards, but private keys for existing valid certificates
> have until June 1, 2022 to meet these requirements. Is this viable in
> folks mind?
>
>
>
> Thanks,
>
> Ian
>
>
>
>
>
> *From:* Bruce Morton <Bruce.Morton at entrust.com>
> *Sent:* Sunday, November 1, 2020 11:38 AM
> *To:* Ian McMillan <ianmcm at microsoft.com>; cscwg-public at cabforum.org
> *Subject:* [EXTERNAL] RE: Update to key protection (in 16.2 & 16.3)
>
>
>
> Hi Ian,
>
>
>
> I will have our team review.
>
>
>
> I have a couple of items:
>
> 1. Signing Service requires FIPS 140-2 level 2. Should this be updated
> to FIPS 140-2 level 3, as this device will not be operated by the
> Subscriber and may have many multiple Subscriber private keys? Level
> 3 might be better for a third party to protect a multi-tenant HSM.
> 2. If this ballot passes, when would it need to be implemented. I think
> that there may be many impacted to CAs and Subscribers. It would be
> good to have many months to a year to implement.
>
>
>
>
>
> Thanks, Bruce.
>
>
>
> *From:* Cscwg-public <cscwg-public-bounces at cabforum.org
> <mailto:cscwg-public-bounces at cabforum.org>> *On Behalf Of *Ian McMillan
> via Cscwg-public
> *Sent:* Friday, October 30, 2020 6:11 PM
> *To:* cscwg-public at cabforum.org <mailto:cscwg-public at cabforum.org>
> *Subject:* [EXTERNAL][Cscwg-public] Update to key protection (in 16.2 &
> 16.3)
>
>
>
> *WARNING:* This email originated outside of Entrust.
> *DO NOT CLICK* links or attachments unless you trust the sender and know
> the content is safe.
>
> ------------------------------------------------------------------------
>
> Hi Folks!
>
>
>
> I’ve drafted up the redline for the changes for an upcoming ballot on
> the current version of the Baseline Requirements for the Issuance and
> Management of Publicly-Trusted Code Signing Certificates
> <https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fcabforum.org%2Fwp-content%2Fuploads%2Fbaseline_requirements_for_the_issuance_and_management_of_code_signing.v.2.0.pdf&data=04%7C01%7Cianmcm%40microsoft.com%7C7f76fb8beccf4872e87508d87e9db601%7C72f988bf86f141af91ab2d7cd011db47%7C0%7C0%7C637398563618781485%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C2000&sdata=n20Tj9NtxJ%2BN0DYmwZABe04HUShfI70zAG%2BVlDSPyls%3D&reserved=0>
> on section 16.2 and 16.3 as it pertains to subscriber private key
> protection requirements (leaf-signing cert private keys). The goal is to
> collapse the requirements on non-EV and EV, and to include support for
> cloud-based key protection solution offered by GCP, AWS, and Azure.
> Please review and provide comments on the verbiage below and the redline
> changes in the document attached, and *if you would be willing to
> endorse this change in the upcoming ballot, please let me know*.
>
>
>
> */16.2 Signing Service Requirements/**//*
>
> The Signing Service MUST ensure that a Subscriber’s private key is
> generated, stored, and used in a secure environment that has controls to
> prevent theft or misuse. A Signing Service MUST enforce multi-factor
> authentication to authorize Code Signing and obtain a representation
> from the Subscriber that they will securely store the tokens required
> for multi-factor access. A system used to host a Signing Service MUST
> NOT be used for web browsing. The Signing Service MUST run a regularly
> updated antivirus solution to scan the service for possible virus
> infection. The Signing Service MUST comply with the Network Security
> Guidelines as a “Delegated Third Party”.
>
> For Code Signing Certificates, Signing Services shall protect private
> keys in a FIPS 140-2 level 2 (or equivalent) crypto module. Techniques
> that may be used to satisfy this requirement include:
>
>
>
> 1. Use of an HSM, verified by means of a manufacturer’s certificate;
>
> 2. A hardware crypto module provided by the CA;
>
> 3. Contractual terms in the subscriber agreement requiring the
> Subscriber to protect the private key to a standard equivalent to FIPS
> 140-2 level 2 and with compliance being confirmed by means of an audit.
>
> 4. Cryptographic algorithms, key sizes and certificate life-times
> for both authorities and Subscribers are governed by the NIST key
> management guidelines.
>
> 5. A Cloud-based key protection solution with the following
> requirements enabled on the subscription, and a usage pattern as follows:
>
> /1. //A hardware crypto module with a unit design form factor
> certified as conforming to at least FIPS 140-2 Level 2, eIDAS Protection
> Profile: EN 419 221-5, or equivalent;/
>
> /2. //Key creation, storage, and usage of private key must remain
> within the security boundaries of the cloud solutions hardware crypto
> module;/
>
> /3. //Subscription must be configured to log access, operations,
> and configuration changes on the key. The configuration change log is
> available for audits./
>
>
>
> */16.3 Subscriber Private Key Protection/**//*
>
> For Code Signing Certificates, the CA MUST obtain a representation from
> the Subscriber that the Subscriber will use one of the following options
> to generate and protect their Code Signing Certificate private keys:
>
>
>
> 1. A hardware crypto module with a unit design form factor
> certified as conforming to at least FIPS 140-2 Level 2, eIDAS Protection
> Profile: EN 419 221-5, or equivalent;
>
>
>
> 2. A Cloud-based key protection solution with the following
> requirements enabled on the subscription, and a usage pattern as follows:
>
> /1. //A hardware crypto module with a unit design form factor
> certified as conforming to at least FIPS 140-2 Level 2, eIDAS Protection
> Profile: EN 419 221-5, or equivalent;/
>
> /2. //Key creation, storage, and usage of private key must remain
> within the security boundaries of the cloud solutions hardware crypto
> module;/
>
> /3. //Subscription must be configured to log all access,
> operations, and configuration changes on the key. The configuration
> change log is available for audits./
>
> / /
>
> 3. A type of hardware storage token with a unit design form factor
> of SD Card or USB token certified as conformant with FIPS 140 Level 2 or
> eIDAS Protection Profile: EN 419 221-5). The Subscriber MUST also
> warrant that it will keep the token physically separate from the device
> that hosts the code signing function until a signing session is begun.
>
>
>
> For Code Signing Certificates, CAs SHALL ensure that the Subscriber’s
> private key is generated, stored and used in a crypto module that meets
> or exceeds the requirements of FIPS 140-2 level 2, eIDAS Protection
> Profile: EN 419 221-5, or equivalent. Acceptable methods of satisfying
> this requirement include (but are not limited to) the following:
>
>
>
> 1. The Subscriber counter-signs certificate requests that can be
> verified by using a manufacturer’s certificate indicating that the key
> is managed in a suitable hardware module;
>
>
>
> 2. The Subscriber provides a suitable IT audit indicating that its
> operating environment achieves a level of security at least equivalent
> to that of FIPS 140-2 level 2, eIDAS Protection Profile: EN 419 221-5,
> or equivalent;
>
>
>
> 3. The Subscriber provides a suitable report of the cloud key
> protection solution subscription configuration protecting the key in
> hardware crypto module with a unit design form factor certified as
> conforming to at least FIPS 140-2 Level 2, eIDAS Protection Profile, EN
> 419 221-5, or equivalent.
>
>
>
>
>
> Thanks,
>
> Ian McMillan
>
> Microsoft
>
>
>
>
>
>
> _______________________________________________
> Cscwg-public mailing list
> Cscwg-public at cabforum.org
> https://lists.cabforum.org/mailman/listinfo/cscwg-public
>
More information about the Cscwg-public
mailing list