
Ballot CSC-24 - Timestamping Private Key Protection

Code Signing Certificate Working Group

Key dates

Discussion opened: 20 May 2024

AI Summary

Generated 2026-06-23 21:42 UTC

Ballot overview

  • Ballot CSC-24, Timestamping Private Key Protection, proposed updates to the Code Signing Baseline Requirements version 3.7.
  • The ballot aimed to:
    • Require private keys for newly issued Timestamp Authority Subordinate CAs to be stored in offline HSMs.
    • Require newly issued Timestamp Certificates to be issued from a TSA CA whose private key is stored in offline HSMs.
    • Require removal of private keys associated with Timestamp Certificates after 18 months.
    • Require rejection of SHA-1 timestamp requests.

Voting result

  • The ballot failed: there were not enough Certificate Consumer votes to pass it, so the page records the result as FAILS.

Requirements shown in the redline

  • Effective April 15, 2025, a Timestamp Authority must generate and protect private keys associated with its Root CA certificates and new Subordinate CA certificates with a validity period greater than 72 months containing the id-kp-timeStamping EKU in a Hardware Crypto Module, maintained in a High Security Zone and in an offline state or air-gapped from all other networks.
  • Timestamp Certificates issued on or after April 15, 2025, issued by a Timestamp Authority Subordinate CA with a validity period greater than 72 months, must be signed by a private key generated and protected in a Hardware Crypto Module, maintained in a High Security Zone and in an offline state or air-gapped from all other networks.
  • The Timestamp Certificate validity period must not exceed 135 months.
  • The Timestamp Certificate key pair must meet the key size requirements in section 6.1.5.
  • The CA or Timestamp Authority must not use a private key associated with a Timestamp Certificate more than 15 months after the notBefore date of the Timestamp Certificate.
  • Effective April 15, 2025, private keys associated with Timestamp Certificates issued for greater than 15 months must be removed from the Hardware Crypto Module within 18 months after issuance.
  • For Timestamp Certificates issued on or after June 1, 2024, the CA must log the removal of the private key from the Hardware Crypto Module through a key deletion ceremony performed by the CA and witnessed and signed off by at least two Trusted Role members.
  • The CA may perform a key destruction ceremony to satisfy the removal requirement.
  • The CA may maintain existing backup sets containing the private key corresponding to a Timestamp Certificate, but should not restore it if the certificate was issued more than 15 months before restoration.
  • If such a private key is restored, it must be restored only in a suitable HSM in a High Security Zone and in an offline state or air-gapped from all other networks, and a new key destruction ceremony must be performed before the HSM is brought online.
  • The Timestamp Authority must reject timestamp requests signed with SHA-1 digest algorithms.
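The key-lifetime and digest-algorithm rules above are the kind of thing a TSA operator would want enforced in software rather than by calendar reminder. The following policy-as-code check is an added example, not code from the ballot, the CA/Browser Forum or any TSA. It assumes that a certificate's notBefore date is its issuance date, that month arithmetic is calendar-month based, and that a SHA-1 request is recognised by the id-sha1 OID 1.3.14.3.2.26 as it would appear in the messageImprint.hashAlgorithm of an RFC 3161 TimeStampReq; the sample certificate dates are constructed.

```python
"""Policy-as-code checks modelled on the CSC-24 redline (added example, not CABF code).

Assumptions not stated on the page:
- the certificate's notBefore date is taken as its issuance date;
- month arithmetic is calendar-month based (1 May + 15 months = 1 August of the next year);
- a SHA-1 message imprint is recognised by the id-sha1 OID that an RFC 3161
  TimeStampReq carries in messageImprint.hashAlgorithm.
"""
import calendar
from dataclasses import dataclass
from datetime import datetime, timezone

ID_SHA1_OID = "1.3.14.3.2.26"      # id-sha1; requests using it are rejected
MAX_VALIDITY_MONTHS = 135          # Timestamp Certificate validity cap
MAX_KEY_USE_MONTHS = 15            # key must not be used after notBefore + 15 months
KEY_REMOVAL_MONTHS = 18            # key must leave the HSM within 18 months of issuance


def utc(year: int, month: int, day: int) -> datetime:
    """Small constructor for timezone-aware UTC dates used in the samples."""
    return datetime(year, month, day, tzinfo=timezone.utc)


def add_months(dt: datetime, months: int) -> datetime:
    """Return dt shifted by whole calendar months, clamping the day to the target month."""
    idx = dt.month - 1 + months
    year, month = dt.year + idx // 12, idx % 12 + 1
    day = min(dt.day, calendar.monthrange(year, month)[1])
    return dt.replace(year=year, month=month, day=day)


@dataclass(frozen=True)
class TimestampCert:
    not_before: datetime   # treated as the issuance date (assumption)
    not_after: datetime
    key_in_hsm: bool       # True while the private key is still loaded in the HSM


def profile_violations(cert: TimestampCert) -> list[str]:
    """Static checks on the certificate itself (validity period cap)."""
    problems = []
    if cert.not_after > add_months(cert.not_before, MAX_VALIDITY_MONTHS):
        problems.append("validity period exceeds 135 months")
    return problems


def may_sign(cert: TimestampCert, hash_oid: str, now: datetime) -> tuple[bool, str]:
    """Decide whether the TSA may sign a request whose messageImprint uses hash_oid at time now."""
    if hash_oid == ID_SHA1_OID:
        return False, "SHA-1 message imprint rejected"
    if not (cert.not_before <= now <= cert.not_after):
        return False, "outside certificate validity"
    if now > add_months(cert.not_before, MAX_KEY_USE_MONTHS):
        return False, "private key is past its 15-month use window"
    return True, "ok"


def key_removal_overdue(cert: TimestampCert, now: datetime) -> bool:
    """True when a long-lived certificate's key is still in the HSM past the 18-month deadline.

    The removal rule only applies to certificates issued for more than 15 months.
    """
    long_lived = cert.not_after > add_months(cert.not_before, MAX_KEY_USE_MONTHS)
    return long_lived and cert.key_in_hsm and now > add_months(cert.not_before, KEY_REMOVAL_MONTHS)


# Constructed sample: an 11-year timestamp certificate issued 1 May 2025 (exactly 135 months).
SAMPLE_CERT = TimestampCert(not_before=utc(2025, 5, 1), not_after=utc(2036, 8, 1), key_in_hsm=True)
ID_SHA256_OID = "2.16.840.1.101.3.4.2.1"   # id-sha256, an acceptable imprint algorithm

if __name__ == "__main__":
    for when in (utc(2026, 8, 1), utc(2026, 8, 2)):
        print(when.date(), may_sign(SAMPLE_CERT, ID_SHA256_OID, when))
    print(may_sign(SAMPLE_CERT, ID_SHA1_OID, utc(2026, 1, 1)))
    print("removal overdue on 2026-11-02:", key_removal_overdue(SAMPLE_CERT, utc(2026, 11, 2)))
```

In a real TSA the `may_sign` decision would sit in front of the signing call and the `key_removal_overdue` check would feed the key deletion ceremony schedule; the boundaries here are inclusive on the deadline day, which is one of the details worth pinning down explicitly in a CP/CPS.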

Outcome

  • Because the ballot failed, the proposed requirements never became normative.

AI-generated from the CABF ballot page. The official CABF article remains the authoritative source.

Proposers

Martijn Katerbarg of Sectigo, endorsed by Bruce Morton of Entrust and Ian McMillan of Microsoft.

Excerpt

Ballot CSC-24 - Timestamping Private Key Protection

Results of Voting (Yes / No / Abstain)

Certificate Issuers: DigiCert, Entrust, Globalsign, HARICA, IdenTrust, Sectigo

Certificate Consumers: There were not enough Certificate Consumer votes to pass the ballot. Therefore, the ballot FAILS.
