Amend BRs to Clarify Auditing of "Parked" CA Keys #417

Open
BenWilson-Mozilla opened this issue Jan 26, 2023 · 1 comment
Labels
backlog baseline-requirements Server Certificate CWG - Baseline Requirements

Comments

@BenWilson-Mozilla
Contributor

CAs create keys in a Key Ceremony (often with a Key Generation report) but might not be aware that key storage needs to be audited continuously with no gaps--for instance, with "parked" CA keys (CA keys that have not had a corresponding CA certificate issued). Currently, audits contain a list of names and SHA256 hashes of CA certificates that are in scope. But what about "parked" keys? The BRs should be amended to make it clear that period-of-time audits need to identify parked CA keys, too.

@BenWilson-Mozilla
Contributor Author

@bcmorton provided me with an example that has been helpful. Anyone else with contributions to my understanding of this issue is invited to send them to me.

@BenWilson-Mozilla BenWilson-Mozilla added baseline-requirements Server Certificate CWG - Baseline Requirements backlog labels Jul 7, 2023