[Cscwg-public] Final minutes of CSCWG Call March 25, 2021

Dimitris Zacharopoulos (HARICA) dzacharo at harica.gr
Tue Apr 20 10:33:30 UTC 2021

On 8/4/2021 7:20 μ.μ., Dean Coclin via Cscwg-public wrote:
> oBack to the key protection change with cloud-based solution in CSC-6
> §The group is okay with the current key protection language Ian proposed
> §Second part on key protection verification is the harder part…
> ·Counter-signed CSRs with manufacture's certificates is extremely rare
> ·Great solution, maybe the best means, but not broadly available
> ·No one knows why this is rare, and may be only because it is a recent 
> trend
> ·CA's shipping suitable hardware crypto module should state with or 
> *without *pre-installed keys
> ·Shipping without pre-installed keys is better option

While reviewing the minutes of this WG meeting, I was curious about the 
rationale behind "shipping without pre-installed keys is better option". 
Can Members that supported this opinion provide more feedback?

> §Need to have multiple options to help satisfy the requirements
> §Suitable IT audit gives a lot of flexibility
> ·Tim Crawford never encounters this as an acceptable means to 
> satisfying the requirements

If this is not used, the best way forward is to remove this from the CSBRs.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/cscwg-public/attachments/20210420/e9b32a11/attachment.html>

More information about the Cscwg-public mailing list