[cabf_netsec] Threat model for "Root CA System" is ready for discussion

Wed Mar 7 08:33:12 MST 2018

On 7/3/2018 4:58 μμ, Robin Alden wrote:
>
> Hi Dmitris,
>
> Cell A2 says “HSM device (without the Root CA Keys) and HSM supporting 
> components (i.e. HSM PIN pads)”
>
> What does “Without the Root CA Keys” mean there?
>
> I ask because the compensating control in E3 says “Root CA key backups 
> are stored in a separate physical location for business continuity 
> purposes” – so that makes me think it does include root keys.
>
> But the compensating control in E6 says “Store the HSM device in an 
> "Air Gapped Zone"”, so that wouldn’t work for a production issuing CA 
> but would work for a root CA.
>

If I recall correctly, we described a situation where the Root Keys are 
not included in the HSM (they are deleted after being used and restored 
before they need to be used again). But, that probably needs to be 
ironed out. We could discuss on the next call. If Neil or anyone else 
recalls something different, please correct me.

Dimitris.

> Regards
>
> *Robin Alden*
>
> /CTO for SSL/
>
> *Email:*Robin.Alden at ComodoCA.com <mailto:Robin.Alden at ComodoCA.com>
>
> *Office:*+441274730505
>
> *Cell:*+447941847137
>
> This message and any files associated with it may contain legally 
> privileged, confidential, or proprietary information. If you are not 
> the intended recipient, you are not permitted to use, copy, or forward 
> it, in whole or in part without the express consent of the sender. 
> Please notify the sender by reply email, disregard the foregoing 
> messages, and delete it immediately.
>
> *From:*Netsec <netsec-bounces at cabforum.org> *On Behalf Of *Dimitris 
> Zacharopoulos via Netsec
> *Sent:* 14 February 2018 12:29
> *To:* CA/Browser Forum Network Security WG List <netsec at cabforum.org>
> *Subject:* [cabf_netsec] Threat model for "Root CA System" is ready 
> for discussion
>
> Dear NetSec WG members,
>
> The Network Security sub-group that worked towards a "Threat Analysis 
> for a Root CA System" has completed its work. We examined threats and 
> vulnerabilities in Root CA Management Systems and recommended 
> compensating controls to minimize these risks.
>
> We also did a mapping to existing Network Security Requirements 
> controls that describe similar compensating controls. Wherever we 
> introduced new controls that do not exist in the current Network 
> Security Requirements, we provided a recommendation for "SHOULD" or 
> "MUST".
>
> You can find this work at the following spreadsheet:
>
>   * https://docs.google.com/spreadsheets/d/16kRPobK31Qb7L4ooq4SJE6K6OmfPOizdtV9M-m475WU
>
> This is not an exhaustive list of threats or vulnerabilities but 
> enough to justify some existing Network Security Requirements and some 
> critical risks. We recommend members to examine this spreadsheet and 
> give us feedback about whether this "threat analysis" approach is 
> useful (or not) and if it should be expanded to the online CA 
> Management Systems as well (or not). We also welcome comments about 
> specific items of the spreadsheet.
>
> We would like 15-20 minutes on tomorrow's call to present the results 
> of our work.
>
> I would like to thank everyone who volunteered to this sub-group and 
> provided their expert opinion. We will leave the sub-group calendar 
> invitation and webex room open for possible future calls, but until we 
> get some feedback from the larger group we consider our work complete 
> at this point. We will also have the opportunity to expand more at the 
> next face-to-face meeting.
>
>
> Thank you,
> Dimitris Zacharopoulos.
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cabforum.org/pipermail/netsec/attachments/20180307/47bf4c9b/attachment-0001.html>