- 6. TECHNICAL SECURITY CONTROLS
- 6.1 Key pair generation and installation
- 6.2 Private Key Protection and Cryptographic Module Engineering Controls
- 6.2.1 Cryptographic module standards and controls
- 6.2.2 Private key (n out of m) multi-person control
- 6.2.3 Private key escrow
- 6.2.4 Private key backup
- 6.2.5 Private key archival
- 6.2.6 Private key transfer into or from a cryptographic module
- 6.2.7 Private key storage on cryptographic module
- 6.2.8 Method of activating private key
- 6.2.9 Method of deactivating private key
- 6.2.10 Method of destroying private key
- 6.2.11 Cryptographic Module Rating
- 6.3 Other aspects of key pair management
- 6.4 Activation data
- 6.5 Computer security controls
- 6.6 Life cycle technical controls
- 6.7 Network security controls
- 6.8 Time-stamping
6. TECHNICAL SECURITY CONTROLS
6.1 Key pair generation and installation
6.1.1 Key pair generation
CA private keys are generated by HSMs meeting the requirements of Section 6.2.1. This occurs during a ceremony meeting the requirements of this CPS and the accompanying CP.
Subscriber key pairs are generated and managed by Subscribers. Generation and management of Subscriber key pairs must be done in compliance with the terms of the CA Subscriber Agreement and ISRG CPS Section 9.6.3.
6.1.2 Private key delivery to subscriber
ISRG never generates or has access to Subscriber Private Keys.
6.1.3 Public key delivery to certificate issuer
Subscriber Public Keys are communicated to ISRG electronically via the ACME protocol.
6.1.4 CA public key delivery to relying parties
ISRG Public Keys are provided to Relying Parties as part of browser, operating system, or other software trusted root certificate lists.
ISRG Public Keys are also available on ISRG websites such as letsencrypt.org.
6.1.5 Key sizes
ISRG CA root Private Keys are RSA keys at least 4096 bits in length.
ISRG CA intermediate Private Keys are RSA keys at least 2048 bits in length.
6.1.6 Public key parameters generation and quality checking
ISRG uses HSMs conforming to FIPS 186-4, capable of providing random number generation and on-board creation of at least 2048-bit RSA keys.
Per Section 5.3.3, NIST SP 800‐89, the CA ensures that the public exponent of the RSA Keys for a DV-SSL Certificates is in the range between 216+1 and 2256-1. The moduli are an odd number, not the power of a prime, and have no factors smaller than 752.
6.1.7 Key usage purposes (as per X.509 v3 key usage field)
See Section 7, Certificate Profiles.
6.2 Private Key Protection and Cryptographic Module Engineering Controls
6.2.1 Cryptographic module standards and controls
ISRG uses HSMs meeting FIPS 140-2 Level 3 (or higher) requirements.
6.2.2 Private key (n out of m) multi-person control
ISRG has put into place security mechanisms which require multiple people performing in Trusted Roles in order to access CA Private Keys, both physically and logically. This is true for all copies of Private Keys, in production or backups, on-site or off-site.
6.2.3 Private key escrow
ISRG does not escrow CA Private Keys and does not provide such a service for Subscribers.
6.2.4 Private key backup
Critical ISRG Private Keys are backed up both on-site and off-site, in multiple geographic locations, under multi-person control.
6.2.5 Private key archival
ISRG does not archive private keys.
6.2.6 Private key transfer into or from a cryptographic module
ISRG CA Private Keys are generated inside HSMs and are only transferred between HSMs for redundancy or backup purposes. When transferred, keys are encrypted prior to leaving HSMs and unwrapped only inside destination HSMs. Keys never exist in plain text form outside of HSMs.
6.2.7 Private key storage on cryptographic module
ISRG CA Private Keys are stored on HSMs meeting the requirements stated in Section 6.2.1.
6.2.8 Method of activating private key
ISRG CA Private Keys are always stored on HSMs and activated using the mechanisms provided by the HSM manufacturer. Activation data and devices are protected.
6.2.9 Method of deactivating private key
ISRG CA Private Keys are always stored on HSMs and deactivated using the mechanisms provided by the HSM manufacturer.
6.2.10 Method of destroying private key
ISRG CA Private Keys are destroyed by Trusted Contributors using a FIPS 140-2 (or higher) validated zeroize method provided by the HSMs storing the keys. Physical destruction of the HSM is not required.
Subscribers are obligated to securely destroy private keys when they should no longer be used, in most cases by securely deleting all copies of private key files from storage media.
6.2.11 Cryptographic Module Rating
See Section 6.2.1.
6.3 Other aspects of key pair management
6.3.1 Public key archival
See Section 5.5.
6.3.2 Certificate operational periods and key pair usage periods
The lifetimes of ISRG Root CA certificates are specified in Section 1.1. Corresponding key pairs have the same lifetimes.
End-entity certificates issued by ISRG to Subscribers shall have a validity period less than 100 days. Subscriber key pairs may be re-used indefinitely provided that there is no suspicion or confirmation of Private Key compromise.
6.4 Activation data
6.4.1 Activation data generation and installation
Activation data used to activate CA Private Keys is generated during a key ceremony. Activation data is transferred to the person who will use it, or place it will be stored, in a secure fashion.
6.4.2 Activation data protection
Activation data is protected from unauthorized disclosure via a combination of physical and logical means.
6.4.3 Other aspects of activation data
No stipulation.
6.5 Computer security controls
6.5.1 Specific computer security technical requirements
ISRG CA infrastructure and systems are appropriately secured in order to protect CA software and data from unauthorized access or modification. Access to systems is secured via multi-factor authentication whenever possible. Security updates are applied in a timely fashion. Vulnerability scans are run regularly.
6.5.2 Computer security rating
No stipulation.
6.6 Life cycle technical controls
6.6.1 System development controls
ISRG has developed policies and procedures to effectively manage the acquisition and development of its CA systems.
ISRG CA hardware and software is dedicated solely to performing CA functions.
Vendor selection includes an evaluation of reputation in the market, ability to deliver a quality product, vulnerability history, and the likelihood of remaining viable in the future. Purchases are made in such a way that as little information about the future use of products as possible is disclosed. Physical product deliveries are received by Trusted Contributors and inspected for evidence of tampering. HSMs are shipped in tamper-evident packaging and tamper bag serial numbers are confirmed with the vendor upon reception.
ISRG maintains a CA testing environment separate from the production environment. The testing environment matches the production environment as closely as reasonably possible but does not have access to CA Private Keys used in trusted certificates. The purpose of this testing platform is to allow extensive but safe testing of software and systems that are or will be deployed to the CA production environment.
ISRG has developed and maintains appropriate change control policies and procedures to be followed any time CA systems are modified. Changes to ISRG CA systems require review by qualified Trusted Personnel who are different from the person requesting the change. Change requests are documented, as are any subsequent required reviews or approvals.
When ISRG develops software to be used in CA operations, software development policies are put into place and methodologies are followed in order to ensure software quality and integrity. This always includes a requirement for peer review of code changes. Unit testing is strongly encouraged. Code commit privileges are granted only to qualified and trusted contributors. Nobody with the ability to deploy software to ISRG PKI systems (e.g. Systems Administrators) may have the ability to commit code to core CA software. The reverse is also true.
6.6.2 Security management controls
ISRG has mechanisms in place to control and monitor security-related configuration of CA systems. Equipment and software is installed and configured using a documented change control process. Software integrity is verified upon deployment using checksums.
6.6.3 Life cycle security controls
No stipulation.
6.7 Network security controls
ISRG implements reasonable network security safeguards and controls to prevent unauthorized access to CA systems and infrastructure. ISRG’s network is multi-tiered and utilizes the principle of defense in depth.
Firewalls and other critical CA systems are configured based on a necessary-traffic-only whitelisting policy whenever possible.
ISRG root CA Private Keys are stored offline in a secure manner.
6.8 Time-stamping
See Section 5.5.5.