[Cscwg-public] Final minutes of CSCWG F2F Meeting October 26, 2022

Dean Coclin dean.coclin at digicert.com
Thu Dec 15 17:36:19 UTC 2022


CSCWG Meeting

Leader: Dean Coclin (DigiCert) 
Minutes: Tim Callan (Sectigo) 

Attendees: Aaron Poulsen (Amazon), Adam Jones (Microsoft), Adrian Mueller
(SwissSign), Andrea Holland (SecureTrust), Ben Wilson (Mozilla), Brianca
Martin (Amazon), Bruce Morton (Entrust), Chris Clements (Google), Christophe
Bonjean (GlobalSign), Corey Bonnell (DigiCert), Dean Coclin (DigiCert),
Dimitris Zacharopoulos (HARICA), Doug Beattie (GlobalSign), Eva van
Steenberge (GlobalSign), Ian McMillan (Microsoft), Inaba Atsushi
(GlobalSign), Inigo Barreira (Sectigo), Janet Hines (SecureTrust), Jeremy
Rowley (DigiCert), Joanna Fox (TrustCor Systems), Joris Minolla (D-Trust),
Jozef Nigut (Disig), JP Hamilton (Cisco Systems), Li-Chun Chen (Chunghwa
Telecom), Lynn Jeun (Visa), Marcelo Silva (Visa), Marco Schambach
(IdenTrust), Martijn Katerbarg (Sectigo), Michael Sykes (SSL.com), Nargis
Mannan (SecureTrust), Nick France (Sectigo), Nikolaos Soumelidis (ACAB
Council), Rollin Yu (TrustAsia Technologies, Inc.), Stephen Davidson
(DigiCert), Sven Rajala (Keyfactor), Tadahiko Ito (SECOM Trust Systems),
Thomas Zermeno (SSL.com), Tim Callan (Sectigo), Tim Hollebeek (DigiCert),
Tomas Gustavsson (PrimeKey), Trevoli Ponds-White (Amazon), Vijayakumar
(Vijay) Manjunatha (eMudhra), Yoshiro Yoneya (Japan Registry Services)

Discussion 

Signing Models 

- Subscriber uses token or server HSM verification

- Subscriber uses cloud service verification

- Signing service hosts HSM - audit

- Signing service hosts HSM with protected private keys in cloud service -
audit except cloud service

- Signing service uses cloud service to generate and store private keys -
audit except cloud service

Bruce Morton (Entrust): Third is easiest to tackle. We have to figure out
how to audit these. Clarification - it's subscriber keys. 

Tim Hollebeek (DigiCert): Applying NCSSRs as currently written for key
protection is between problematic and impossible. Adopting the NCSSRs is
hard. For 4, there is difficulty in the audit. How do I audit what the cloud
service does? 

Jeremy Rowley (DigiCert): DigiCert mostly relies on cloud service providers'
SOC audit and then looks at the configuration of services.

Ian McMillan (Microsoft): All public cloud has stated and confirmed
FIPS-140-2 or -3. 

Jeremy: Rely on this certification of the audit. Same as relying on
certification of HSM hardware requirement. 

For cloud: 

1. Key creation and storage must remain in this cloud's bounds 

2. Access is secure and proper 

This isn't in standard reports like SOC 2. 

Doug Beattie (GlobalSign): Maybe we need to say what do we want from the
signing service. 

Dimitris Zacharopoulos (HARICA): What if a cloud provider could get a
WebTrust for CA audit? We think this will be difficult. 

Nick France (Sectigo): Differentiate between who operates the service, like
a CA or a third party, e.g. a partner or customer. We need some assurance
these keys are being used correctly. 

Ian: Or should all signing services be trusted as a third party? 

Jeremy: But that would prevent a lot of reuse of WebTrust. 

Tim: Don't turn the easy case into the hard case. 

Jeremy: Third party is hard to detect and hard to enforce. 

Bruce: We need to think through: 1. What requirements do they have to meet?
2. Differentiate between CAs and third parties 

Dimitris: We have not yet received feedback from auditors as this is recent.

Doug: We can decide what we want audited. 

Dimitris: The fourth and fifth bullets are based on real industry behavior. 

Martijn Katerbarg (Sectigo): How will CAs know a signing service is being
used? Is this honor based? 

Dimitris: Yes, it's self-declared. 

Jeremy: It's an issue that we're relying on them to tell us. We should focus
first on the CA case. This is a blurry line.

Signing Service Requirements 

- Generation of Subscriber Key Pair in hardware crypto module

- Operate the hardware crypto module to a standard

- Provide the Subscriber secure access to activate their Private Key for
signing

Doug: Have hardware crypto module and operate it to some standard. Provide
subscriber secure access to activate private key for signing. What else? 

Ian: Full transparency on what was signed (to subscriber, not CA). No limits
on what can be signed, just logged.

Dimitris: But today these could happen without us knowing. Maybe we remove
signing services from the BRs and be done with it. 

Ian: Customers like this because they don't have to do all the tricky PKI
stuff. 

Jeremy: Some customers want to import/export keys. 

Trevoli Ponds-White (Amazon): Processing. 

Bruce: But we don't want keys to be imported. 

Martijn: What is the definition of importing and exporting? Can I backup? 

Trev: Backup would have different requirements. 

Signing Service - Cloud-based Key Generation 

- Cloud-based key generation is allowed

- How do we determine what cloud-based key generation is?

- Can the CA provide cloud-based key generation?

- If the CA provides cloud-based key generation, then what audit
requirements apply?

Bruce: What is cloud-based versus not? How does the CA know? How do you
apply it? 

Jeremy: If CA controls the hardware, it's not cloud based. 

Dimitris: We have requirements on this in section 6.2.7.3. In all cases, CA
needs some kind of report, so you can rely on them. 

Inigo Barreira (Sectigo): ETSI has no distinction between cloud-based and on
prem. 

Bruce: Propose moving on drafted ballot and then go after these hard
questions in phases. 

Two-year Goals 

Ian: Candidates to add: 

1. Max validity period. Should we reduce it? 39 months now. 

2. Is there a better way to enable short lived certs?

3. CT for code signing. 

Why to reduce from 39 months: They have signed too much code for a
revocation action. We need the ability to be more surgical in revocations.
Revoking a cert can be difficult because of the impact. 

Tim: For short lived certs, we need validation of authority. This is the
only roadblock. We should fix it. 

Ian: CT logging is hard. Issue is different from what it was used to sign.
It's missing a hugely important piece. 

Dimitris: Harmonization of CA quality is the most obvious benefit for me. 

Jeremy: You can detect CA hopping with CT logs. And log revocation reason
codes. 

Tim: It also solves the problem of CAs not knowing about certs from known
bad actors. 

Time ended and meeting was adjourned.

Dean Coclin