[Cscwg-public] Final minutes of CSCWG Call March 25, 2021
Dimitris Zacharopoulos (HARICA)
dzacharo at harica.gr
Tue Apr 20 10:33:30 UTC 2021
On 8/4/2021 7:20 μ.μ., Dean Coclin via Cscwg-public wrote:
>
> oBack to the key protection change with cloud-based solution in CSC-6
>
> §The group is okay with the current key protection language Ian proposed
>
> §Second part on key protection verification is the harder part…
>
> ·Counter-signed CSRs with manufacture's certificates is extremely rare
>
> ·Great solution, maybe the best means, but not broadly available
>
> ·No one knows why this is rare, and may be only because it is a recent
> trend
>
> ·CA's shipping suitable hardware crypto module should state with or
> *without *pre-installed keys
>
> ·Shipping without pre-installed keys is better option
>
While reviewing the minutes of this WG meeting, I was curious about the
rationale behind "shipping without pre-installed keys is better option".
Can Members that supported this opinion provide more feedback?
> §Need to have multiple options to help satisfy the requirements
>
> §Suitable IT audit gives a lot of flexibility
>
> ·Tim Crawford never encounters this as an acceptable means to
> satisfying the requirements
>
If this is not used, the best way forward is to remove this from the CSBRs.
Thanks,
Dimitris.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/cscwg-public/attachments/20210420/e9b32a11/attachment.html>
More information about the Cscwg-public
mailing list