Cloud Key Management

  • 1.  Meeting Minutes 12th April+Reminder of tomorrow's WG call.

    Posted Apr 18, 2023 01:47:00 PM

    Dear members,

    These are the minutes describing the 12th April call of the working group:

    Discussion:

    • Aakash Shah mentioned that he has no more bandwidth to contribute for the time being.
    • Sam Pfanstiel expressed the desire for the HSM document to reflect various degrees of controls and to depict its difference from traditional models.
    • Use cases specification: Use cases that show the use of cloud cryptographic services where MORE control of the HSM itself is required.
    • Tim Winston proposed the idea of a 'Shared Responsibility' slider, which the WG liked and accepted.
    • Increased management access/Increased authority access to be introduced in the executive summary.
    • Iain Beveridge provided the link to a blog post he had written regarding Key Mgmt Considerations: https://www.entrust.com/blog/2021/12/ownership-control-and-possession-options-for-key-management-in-the-cloud/

    Previous action items:

    • Partha and Alex to provide feedback to the presentation from the DLT/Blockchain WG leadership, on the Framework for Digital Certification Governance Security Recommendations. (Link to the recommendations document: https://docs.google.com/spreadsheets/d/1iJ9yvX7JMCunld10ct-ickhTfg4TDPFR/edit#gid=632422826) - PENDING
    • Create an initial timeline for the first document draft for both documents. - PENDING
    • Quickly review the written content on both documents. - PENDING
    • Assign new authors to new sections in both documents. - DONE
    • Iain to repurpose and create the KM lifecycle diagram according to section 2 in the KM document. - PENDING
    • Sam to develop section 1 (1.2 and 1.3 and 1.4) of the HSM-as-a-Service document. - PENDING
    • Tim to work on the PIN (Priority number: 1) and the P2PE Use Case (Priority number: 2), of the HSM-as-a-Service document. - PENDING
    • Thanos on the Signing Services Use Case (Priority number: 3) of the HSM-as-a-Service document. - DONE
    • Thanos to work on section 5: HSM Hardware - HSM definition and Types. - Partially Pending

    New action items:

    HSM-as-a-Service document:

    • Partha to provide an intro paragraph on section 6. Security Considerations, for which he is lead author.
    • Thanos (@Thanos Vrachnos) to write section 5.1 and 5.2 (Intro to HSM and Types of HSM respectively)
    • Sam (@Sam Pfanstiel) to develop section 1 (1.2 and 1.3 and 1.4) in paragraph form.
    • Thanos (@Thanos Vrachnos) to work on section 5.2: HSM Types
    • Tim (@Tim Winston) to work on the PIN (Priority number: 1) and the P2PE Use Case (Priority number: 2)

    Key Mgmt Lifecycle Best Practices document:

    • Partha to review the sections that are populated (respectively: section 2 with 2.2, 2.3, 2.4, 2.5, 2.6, and 3.2.1)
    • Santosh (@Santosh Bompally) to add an introduction paragraph to section 2.6 describing how it relates to what you are presenting below.
    • Thanos (@Thanos Vrachnos) to please review section 2.2 and 2.4 and 2.5
    • Vrettos (@Vrettos Moulos) to please review section 2.5
    • Santosh (@Santosh Bompally) to write section 3.2.4-Key Storage
    • Sam (@Sam Pfanstiel) will write section 3.2.7-Key Auditing
    • Alex (@Alex Sharpe) will include Crypto Agility in 2.1-KMS Overview

    NEXT WORKING GROUP CALL: WEDNESDAY, 19 APRIL.

    Time: 08:00 a.m. PST / 11:00 a.m. EST / 16:00 GMT / 17:00 CET

    URL: https://zoom.us/j/93617880747  (Meeting ID: 936 1788 0747)

    Kind regards,

    Marina



    ------------------------------
    Marina Bregkou,
    Senior Research Analyst,
    CSA
    ------------------------------


  • 2.  RE: Meeting Minutes 12th April+Reminder of tomorrow's WG call.

    Posted Apr 19, 2023 03:20:00 AM
    Edited by Thanos Vrachnos Apr 19, 2023 03:20:31 AM

    @Marina Bregkou regarding the review of sections 2.2, 2.4 & 2.5 (Key Mgmt Lifecycle doc), I finished the review 2 weeks ago.



    ------------------------------
    Thanos Vrachnos OffensiveOps | PKI & eID Subject-matter Expert
    SPEARIT
    ------------------------------



  • 3.  RE: Meeting Minutes 12th April+Reminder of tomorrow's WG call.

    Posted Apr 19, 2023 05:37:00 AM

    Thank you Thanos!

    I'll mark it as 'Done'.

    Kind regards,
    Marina



    ------------------------------
    Marina Bregkou,
    Senior Research Analyst,
    CSA
    ------------------------------