Los encuentros (y sus relatos)
3.2 LOS RELATOS DE LOS ESTUDIANTES
This section provides the requirements, guidelines, and/or examples related to the Digital Certificate management process and policy.
5.1 DOCSIS Root CA
The DOCSIS Root CA issues two kinds of the digital certificates as specified by the BPI+ specification. One is the Manufacturer CA Certificate embedded in the DOCSIS 1.1 compliant CM and verified by the CMTS in order to authenticate the CM during the CM initialization when the CM is provisioned to enable BPI+. The other is the Manufacturer Code Verification Certificate (CVC) embedded in the CM Code File and verified by the CM in order to authenticate the CM Code File during the Secure Software Downloading regardless of whether the BPI+ is provisioned or not.
The legitimate DOCSIS Root CA Certificate needs to be delivered to the cable operators and/or the CMTS vendors because the legitimate DOCSIS Root CA Certificate MUST be provisioned in the CMTS in order to realize the correct CM Authentication. The legitimate DOCSIS Root CA Certificate also needs to be
delivered to the CM vendors because the legitimate DOCSIS Root CA Public Key extracted from the legitimate DOCSIS Root CA Certificate MUST be embedded in the CM in order for the CM to verify the CVC in the CM Code File. Since the DOCSIS Root CA Certificate is not a secret, the DOCSIS Root CA MAY disclose the DOCSIS Root CA Certificate to any organization including the cable operators, the CMTS vendors, and the CM vendors.
5.2 Digital Certificate Validity Period and Re-issuance
5.2.1 DOCSIS Root CA Certificate
The validity period of the DOCSIS Root CA Certificate is 30 years. The re-issuance process is TBD. 5.2.2 DOCSIS Manufacturer CA Certificate
When the DOCSIS Root CA newly issues the DOCSIS Manufacturer CA Certificate,
the tbsCertificate.validity.notBefore MUST be the actual issuance date and time, and
tbsCertificate.validity.notAfter MUST be the actual issuance date and time plus 20 years.
Before the DOCSIS Manufacturer CA Certificate expires, the certificate with the same information except the tbsCertificate.validity.notAfter and tbsCertificate.serialNumber needs to be re-issued. The DOCSIS 1.1 compliant CM vendors MUST obtain the re-issued DOCSIS Manufacturer CA Certificate from the DOCSIS Root CA at least two years before the tbsCertificate.validity.notAfter value of the current DOCSIS
Manufacturer CA Certificate.
When the DOCSIS Root CA re-issues the DOCSIS Manufacturer CA Certificate, the following attribute values MUST be the same with the current DOCSIS Manufacturer CA Certificate:
• tbsCertificate.issuer • tbsCertificate.subject
• tbsCertificate.subjectPublicKeyInfo
5.2.3 DOCSIS CM Certificate
The requirements for the DOCSIS CM Certificate including the validity period are specified by the BPI+ specification.
5.2.4 DOCSIS Code Verification Certificate
When the DOCSIS Root CA newly issues the DOCSIS Manufacturer Code Verification Certificate (CVC), the following conditions apply:
• the tbsCertificate.validity.notBefore MUST be the actual issuance date and time
• tbsCertificate.validity.notAfter MUST NOT exceed the actual issuance date and time by 10 years, and MUST be valid at least 2 years from the actual issuance date.63
Before the DOCSIS Manufacturer CVC expires, the certificate with the same information except the
tbsCertificate.validity.notBefore, the tbsCertificate.validity.notAfter and tbsCertificate.serialNumber needs to be re-issued. The DOCSIS 1.1 compliant CM vendors MUST obtain the re-issued DOCSIS Manufacturer CVC from the DOCSIS Root CA at least 6 months before the tbsCertificate.validity.notAfter value of the current DOCSIS Manufacturer CVC.
: When the DOCSIS Root CA re-issues the DOCSIS Manufacturer CVC, the following attribute values MUST be the same as the current DOCSIS Manufacturer CVC:
• tbsCertificate.issuer • tbsCertificate.subject64
As well, the tbsCertificate.validity.notBefore MUST be between the tbsCertificate.validity.notBefore value of the current DOCSIS Manufacturer CVC, and the actual issuance date and time. In addition, the
tbsCertificate.validity.notAfter MUST be the actual re-issuance date and time plus 2 to 10 years.65
5.3 CM Code File Signing Policy
The CM vendor and the cable operator can control the Secure Software Download process based on their policy by updating the Manufacturer/Co-Signer CVC and/or by changing the signingTime in the
Manufacturer/Co-Signer CVS (Code Verification Signature). At this time, the DOCSIS 1.1 specifications don’t specify the policy related to the CM Code File signing process. However, an example of the policy is specified in this section.
5.3.1 Manufacturer CM Code File Signing Policy
The DOCSIS 1.1 compliant CM vendor and its Manufacturer Code Signing Agent (Mfg CSA), which securely stores the RSA private key corresponding to the RSA public key in the Manufacturer CVC and generates the CVS for the CM Code File, MAY employ the following policy for the CM Code File signing process.
The Mfg CSA continues to put the exact same date and time value (T1) in the signingTime field in the Mfg CVS of the CM Code File as long as the vendor does not have any CM Code File to revoke.
63
Revised bulleted statement per ECN OSS-N-02204 by GO on 11/12/02.
64
Revised the preceeding paragraph and bulleted list per ECN OSS-N-03054 by GO on 06/04/03.
65
Once the vendor realizes the certain issues in one or more CM Code File(s) and wants to revoke them, the vendor choose the current date and time value (T2) and starts using T2 as the signingTime value in the Mfg CVS for all the newly created CM Code File from that point. In addition, re-sign all the good old CM Code Files using the T2.
Under this policy, because the multiple CM Code Files make a group of the CM Code Files with the exact same signingTime value in the Msg CVS, the operator can download any CM Code File in the group in any order. That is, among the CM Code Files in the same group, the software downgrade can be realized.