[Servercert-wg] Ballot SC40v3: Security Requirements for Air-Gapped CA Systems

Ben Wilson bwilson at mozilla.com
Mon Mar 29 22:28:51 UTC 2021


I let Ballot SC40v3 fail per the 21-day limit in section 2.3 of the Bylaws,
which I believe is too short because it didn't provide me with sufficient
time to work through the difficult wording issues. The next time we
re-visit the Bylaws, I'll support a revision making it a 30-day period or

Meanwhile, I am thinking about changing the concept from offline "CA
System" to offline "Hardware Security Module."  We didn't yet define "CA
System". We also haven't addressed deactivated partitions on an HSM and
whether those are considered "offline".  So we have more work to do.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/servercert-wg/attachments/20210329/313a2ef9/attachment.html>

More information about the Servercert-wg mailing list