[Servercert-wg] [EXTERNAL] Re: Ballot SC40v3: Security Requirements for Air-Gapped CA Systems

Mike Reilly (SECURITY) Mike.Reilly at microsoft.com
Wed Mar 31 21:05:01 UTC 2021


Thanks for the update, Ben. I had some additional feedback from within Microsoft to consider when this is brought up again:


  *   In the definition of the Security Support System, the word “reduction” is used. I think the word we want in relation to logging is “retention”.
  *   5.1.6 refers to the “principle of least privilege”. Is there a definition or discussion of this principle somewhere else in the requirements? Without something to make it concrete, I don’t know how there could be any specific audit requirement to meet because it is very subjective in nature. Although I totally agree that we should observe this principle because it is a core component of security, I don’t know how one can objectively evaluate whether it is observed or not. All of the other requirements listed are easily auditable but this one not as much.

Thanks, Mike

From: Servercert-wg <servercert-wg-bounces at cabforum.org> On Behalf Of Ben Wilson via Servercert-wg
Sent: Monday, March 29, 2021 3:29 PM
To: CA/B Forum Server Certificate WG Public Discussion List <servercert-wg at cabforum.org>
Subject: [EXTERNAL] Re: [Servercert-wg] Ballot SC40v3: Security Requirements for Air-Gapped CA Systems

All,

I let Ballot SC40v3 fail per the 21-day limit in section 2.3 of the Bylaws, which I believe is too short because it didn't provide me with sufficient time to work through the difficult wording issues. The next time we re-visit the Bylaws, I'll support a revision making it a 30-day period or greater.

Meanwhile, I am thinking about changing the concept from offline "CA System" to offline "Hardware Security Module."  We didn't yet define "CA System". We also haven't addressed deactivated partitions on an HSM and whether those are considered "offline".  So we have more work to do.

Thanks,

Ben