[Cscwg-public] Timestamp Certificate and SubCA updates
Dimitris Zacharopoulos (HARICA)
dzacharo at harica.gr
Sun Mar 10 09:30:17 UTC 2024
Hi Martijn,
Two suggestions submitted on GitHub.
Regarding the prohibition of restoring a private key of a Timestamp
Certificate, I'm not sure how universal this can be because some HSMs
restore an entire slot/partition, which might contain Private Keys
associated with obsolete Timestamp Certificates. As the ballot is
written, such an action would be a violation.
In general, a "key destruction" ceremony includes the deletion of all
copies of the key, including copies that reside in backups. If we
require a "key destruction" ceremony, the "restore key" case is
nonsensical. We probably need to work on this some more so that we all
have the same understanding and expectations.
Let me restate the intent of this requirement as discussed all this
time, and please correct me if I'm wrong.
IMO, the goal is to put the keys associated with Timestamp Certificates
out of use, 15 months after the notBefore of the Timestamp Certificate.
In order to achieve some level of assurance for this action, the
proposal is to delete the keys from the HSM 18 months after the
notBefore of the Timestamp Certificate, in an audited way, witnessed
by members of two different Trusted Roles (not by two Trusted Role
Members, i.e. you can't use two persons of the same Trusted Role).
It's ok to keep the keys in backups, but if you happen to restore them in
an HSM, you must not use them to sign anything. If a CA/TSA can also
"destroy" the key, meaning that all copies of that private key can be
unequivocally/securely deleted (i.e. without a way to recover the key),
including any instance of the key as part of a backup, all the better!
Thoughts?
Dimitris.
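The lifecycle described above (stop signing 15 months after notBefore, remove the key from the HSM 18 months after notBefore, witnessed by two different Trusted Roles, with the removal requirement starting April 15, 2025 for certificates issued for more than 15 months) as a small inventory check. This is an added example, not code from the thread or from the ballot; the month arithmetic, the status names, the sample certificates and the role names are constructed assumptions.

```python
from datetime import date
import calendar

# Assumed parameters, taken from the discussion above, not from the ballot text.
OUT_OF_USE_MONTHS = 15          # key must not sign anything after this
DESTROY_MONTHS = 18             # key must be removed from the HSM after this
EFFECTIVE = date(2025, 4, 15)   # removal requirement starts on this date


def add_months(d: date, months: int) -> date:
    """Add calendar months, clamping to the last day of the target month
    (e.g. 31 Jan + 15 months -> 30 Apr, not an invalid 31 Apr)."""
    y, m = divmod(d.month - 1 + months, 12)
    y, m = d.year + y, m + 1
    return date(y, m, min(d.day, calendar.monthrange(y, m)[1]))


def key_status(not_before: date, not_after: date, today: date) -> str:
    """Classify the private key of one timestamp certificate on a given day.

    'not_covered'   certificate issued for 15 months or less (outside the rule)
    'active'        key may still be used for signing
    'stop_signing'  past notBefore + 15 months: keep only as a non-signing key
    'destroy'       past the removal deadline: key must be gone from the HSM
    """
    stop_date = add_months(not_before, OUT_OF_USE_MONTHS)
    if not_after <= stop_date:
        return "not_covered"
    destroy_date = max(add_months(not_before, DESTROY_MONTHS), EFFECTIVE)
    if today >= destroy_date:
        return "destroy"
    if today >= stop_date:
        return "stop_signing"
    return "active"


def destruction_witnessed(witnesses: list[tuple[str, str]]) -> bool:
    """A destruction ceremony needs two witnesses holding *different* Trusted
    Roles; two members of the same role do not satisfy the requirement."""
    roles = {role for _, role in witnesses}
    return len(witnesses) >= 2 and len(roles) >= 2


def audit(inventory: list[tuple[str, date, date]], today: date) -> dict:
    """Map each (serial, notBefore, notAfter) entry to its key status."""
    return {serial: key_status(nb, na, today) for serial, nb, na in inventory}


# Constructed sample inventory: a 5-year cert, a 3-year cert and a 1-year cert.
SAMPLE = [("TS-A", date(2024, 1, 31), date(2029, 1, 31)),
          ("TS-B", date(2023, 1, 1), date(2026, 1, 1)),
          ("TS-C", date(2024, 6, 1), date(2025, 6, 1))]
```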
On 6/3/2024 2:07 PM, Martijn Katerbarg via Cscwg-public wrote:
>
> All,
>
> As discussed last week, I’d send out the draft language for this
> ballot once more before starting the discussion period. The latest
> version can be found in https://github.com/cabforum/code-signing/pull/34
>
> I’ve made changes this morning to add 3 effective dates, these are:
>
> * For the removal of private keys associated with timestamp
>   certificates, effective June 1st, 2024, CAs will need to
>   properly log the removal of said key.
>   - While I expect CAs to already properly log this for audit
>     purposes even now, there may be exceptions for when this has
>     not been done, for example a private key or timestamp
>     certificate that was signed maybe 20 years ago. This language
>     is added to avoid any confusion as to from what point there needs
>     to be an audit trail.
> * Effective April 15, 2025, private keys associated with SubCAs
>   containing the “Time Stamping” EKU will need to be placed in
>   offline HSMs.
>   - I believe a roughly one-year effective date is appropriate
>     here, since CAs may need to move keys from one HSM to another.
> * For private keys associated with timestamp certificates that were
>   issued for greater than 15 months, CAs will need to remove the
>   private keys 18 months after certificate issuance, starting April
>   15, 2025.
>   - Likewise, I feel like anything involving HSM process changes
>     should have a longer effective date, and it makes sense to
>     align this with the effective date above.
>
> I’ll start a ballot on this early next week, unless there is concern
> with the above.
>
> Regards,
>
> Martijn
>
>