[caops-wg] OCSP section 5.1 - key protection

Olle Mulmo mulmo at pdc.kth.se
Tue May 31 06:25:06 CDT 2005


> *5.1
> While we do not require the use of hardware protection,
> we RECOMMEND that the security of the OCSP responder key
> be in parity with the CA issuing key.
>
> [This is a meaningless recommendation, because we have no single
> standard for CA issuing keys.  Also, there are differences in the
> way OCSP and CA issuers are handled - you can change the OCSP
> key pair every hour if you want.  Disagree about HSM.

Reading the text again, I realize that I had Authorized responders in 
mind. What the text says is that there should be some correlation between 
how securely you operate your CA, and how securely you provide current 
status of those certificates. This comment should be expanded and moved 
elsewhere.

I have no problems adding your suggested text:

> Access to OCSP responder keys must be carefully controlled.
> In all cases system level access to OCSP responder systems must
> be limited and logged. Access to key backup media must also
> be limited and logged. For OCSP responders using software crypto
> stores, we recommend that this key NOT be backed up. We also
> recommend the key be changed more frequently than end user signing
> keys.
> These steps can reduce but not eliminate the demand for hardware
> crypto stores; hardware security modules should be used for high
> visibility OCSP responders (see also prev paragraph?).
> Service providers should also consider transponder configurations
> to reduce the number of highly secured OCSP responder keys needed.
