[cabf_netsec] Minutes - Meeting of 13 July 2017

Sun Jul 16 23:25:26 MST 2017

On 14/7/2017 8:51 μμ, Bruce Morton via Netsec wrote:
>
> Below are the minutes from the Network Security Working Group meeting 
> of 13 July 2017.
>
> Attendees were: Alex Craig (Entrust), Ben Wilson (DigiCert), Bruce 
> Morton (Entrust), Chris Salter (CIS), Curt Spann (Apple), Dean Coclin 
> (Symantec), Dimitris Zacharopoulos (HARICA), Ed Gianquinto (Comodo), 
> Kenneth Myers (GSA), Jeff Stapleton (Wells Fargo), Jos Purvis (Cisco), 
> Neil Dunbar (Trustcor), Peter Bowen (Amazon), Ryan Hurst (Google), 
> Robin Alden (Comodo), Tim Hollebeek (Trustwave), Tim Shirley 
> (Trustwave), Tobias Josefowitz (Opera), Tom Ritter (Mozilla), Travis 
> Graham (GoDaddy), Wayne Thayer (GoDaddy), Xiu Lei (GDCA)
>
> Discussed short-term changes:
>
> a.Dimitris presented changes at 
> https://github.com/cabforum/documents/pull/64/files?short_path=50fc941#diff-50fc941f7be640a0bf58764b83d5d9e7
>
> ·Update ETSI audit requirements
>
> ·Change 90 days to 3 months
>
> ·Remove viruses and malicious software
>
> ·Based on discussion, Dimitris will update the proposal
>
> b.Bruce presnted changes to off-line CAs
>
> ·For 2.m. it was agreed to change “Enforce multi-factor **or 
> multi-party** authentication for administrator access to Issuing 
> Systems and Certificate Management Systems”
>
> ·For 2.o. it was discussed to change “Restrict remote administration 
> or access” to another term and somehow limit the word “access.” Tobias 
> will send another proposal.
>
> ·For 2.o. it was agreed to remove “and from a pre-approved external IP 
> address”
>
> ·It was agreed that we would not add in definitions for Multi-factor 
> or Multi-party
>
> c.We did not discuss the changes proposed from the Bilbao meeting. Ben 
> to provide input and possibly add to Dimitris’ document.
>
> Other business.
>
> ·Ken will provide input for review.
>
> Next call is July 27, 2017
>
> Thanks, Bruce.
>
>
>
> _______________________________________________
> Netsec mailing list
> Netsec at cabforum.org
> http://cabforum.org/mailman/listinfo/netsec

One more thing we discussed was to further improve the definition of 
*"**Security Support System"* to include examples for "intrusion 
detection". Here is what the NSRs look like with all currently proposed 
changes:

https://github.com/cabforum/documents/pull/64/files?short_path=50fc941#diff-50fc941f7be640a0bf58764b83d5d9e7
I have also attached a red-lined PDF version for people not familiar 
with github.

Please note that the Bilbao meeting proposed changes are still missing.

Dimitris.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cabforum.org/pipermail/netsec/attachments/20170717/52df92aa/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: NSR-draft-update at jul17-2017.pdf
Type: application/pdf
Size: 335971 bytes
Desc: not available
URL: <http://cabforum.org/pipermail/netsec/attachments/20170717/52df92aa/attachment-0001.pdf>