<html>
  <head>
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
  </head>
  <body text="#000000" bgcolor="#FFFFFF">
    <div class="moz-cite-prefix">On 14/7/2017 8:51 μμ, Bruce Morton via
      Netsec wrote:<br>
    </div>
    <blockquote type="cite"
cite="mid:965ca573a7524acab812459fd2b66491@PMSPEX04.corporate.datacard.com">
      <div class="WordSection1">
        <p class="MsoNormal">Below are the minutes from the Network
          Security Working Group meeting of 13 July 2017.<o:p></o:p></p>
        <p class="MsoNormal"><o:p> </o:p></p>
        <p class="MsoNormal">Attendees were: Alex Craig (Entrust), Ben
          Wilson (DigiCert), Bruce Morton (Entrust), Chris Salter (CIS),
          Curt Spann (Apple), Dean Coclin (Symantec), Dimitris
          Zacharopoulos (HARICA), Ed Gianquinto (Comodo), Kenneth Myers
          (GSA), Jeff Stapleton (Wells Fargo), Jos Purvis (Cisco), Neil
          Dunbar (Trustcor), Peter Bowen (Amazon), Ryan Hurst (Google),
          Robin Alden (Comodo), Tim Hollebeek (Trustwave), Tim Shirley
          (Trustwave), Tobias Josefowitz (Opera), Tom Ritter (Mozilla),
          Travis Graham (GoDaddy), Wayne Thayer (GoDaddy), Xiu Lei
          (GDCA)<o:p></o:p></p>
        <p class="MsoNormal"><o:p> </o:p></p>
        <p class="MsoNormal">Discussed short-term changes:<o:p></o:p></p>
        <p class="MsoListParagraph"
          style="text-indent:-.25in;mso-list:l3 level1 lfo4"><!--[if !supportLists]--><span
            style="mso-list:Ignore">a.<span style="font:7.0pt
              "Times New Roman"">     
            </span></span><!--[endif]-->Dimitris presented changes at <a
href="https://github.com/cabforum/documents/pull/64/files?short_path=50fc941#diff-50fc941f7be640a0bf58764b83d5d9e7"
            moz-do-not-send="true">
https://github.com/cabforum/documents/pull/64/files?short_path=50fc941#diff-50fc941f7be640a0bf58764b83d5d9e7</a><o:p></o:p></p>
        <p class="MsoListParagraph"
          style="margin-left:1.0in;text-indent:-.25in;mso-list:l3 level2
          lfo4">
          <!--[if !supportLists]--><span style="font-family:Symbol"><span
              style="mso-list:Ignore">·<span style="font:7.0pt
                "Times New Roman"">       
              </span></span></span><!--[endif]-->Update ETSI audit
          requirements<o:p></o:p></p>
        <p class="MsoListParagraph"
          style="margin-left:1.0in;text-indent:-.25in;mso-list:l3 level2
          lfo4">
          <!--[if !supportLists]--><span style="font-family:Symbol"><span
              style="mso-list:Ignore">·<span style="font:7.0pt
                "Times New Roman"">       
              </span></span></span><!--[endif]-->Change 90 days to 3
          months<o:p></o:p></p>
        <p class="MsoListParagraph"
          style="margin-left:1.0in;text-indent:-.25in;mso-list:l3 level2
          lfo4">
          <!--[if !supportLists]--><span style="font-family:Symbol"><span
              style="mso-list:Ignore">·<span style="font:7.0pt
                "Times New Roman"">       
              </span></span></span><!--[endif]-->Remove viruses and
          malicious software<o:p></o:p></p>
        <p class="MsoListParagraph"
          style="margin-left:1.0in;text-indent:-.25in;mso-list:l3 level2
          lfo4">
          <!--[if !supportLists]--><span style="font-family:Symbol"><span
              style="mso-list:Ignore">·<span style="font:7.0pt
                "Times New Roman"">       
              </span></span></span><!--[endif]-->Based on discussion,
          Dimitris will update the proposal<o:p></o:p></p>
        <p class="MsoListParagraph"
          style="text-indent:-.25in;mso-list:l3 level1 lfo4"><!--[if !supportLists]--><span
            style="mso-list:Ignore">b.<span style="font:7.0pt
              "Times New Roman"">     
            </span></span><!--[endif]-->Bruce presented changes to
          off-line CAs<o:p></o:p></p>
        <p class="MsoListParagraph"
          style="margin-left:1.0in;text-indent:-.25in;mso-list:l3 level2
          lfo4">
          <!--[if !supportLists]--><span style="font-family:Symbol"><span
              style="mso-list:Ignore">·<span style="font:7.0pt
                "Times New Roman"">       
              </span></span></span><!--[endif]-->For 2.m. it was agreed
          to change the text to read “<span style="color:black">Enforce multi-factor *</span><b><span
              style="color:#C00000">or multi-party</span></b><span
            style="color:#C00000">*
          </span><span style="color:black">authentication for
            administrator access to Issuing Systems and Certificate
            Management Systems”</span><o:p></o:p></p>
        <p class="MsoListParagraph"
          style="margin-left:1.0in;text-indent:-.25in;mso-list:l3 level2
          lfo4">
          <!--[if !supportLists]--><span style="font-family:Symbol"><span
              style="mso-list:Ignore">·<span style="font:7.0pt
                "Times New Roman"">       
              </span></span></span><!--[endif]--><span
            style="color:black">For 2.o. it was discussed to change
            “Restrict remote administration or access” to another term
            and somehow limit the word “access.” Tobias will send
            another proposal.</span><o:p></o:p></p>
        <p class="MsoListParagraph"
          style="margin-left:1.0in;text-indent:-.25in;mso-list:l3 level2
          lfo4">
          <!--[if !supportLists]--><span style="font-family:Symbol"><span
              style="mso-list:Ignore">·<span style="font:7.0pt
                "Times New Roman"">       
              </span></span></span><!--[endif]--><span
            style="color:black">For 2.o. it was agreed to remove “and
            from a pre-approved external IP address”</span><o:p></o:p></p>
        <p class="MsoListParagraph"
          style="margin-left:1.0in;text-indent:-.25in;mso-list:l3 level2
          lfo4">
          <!--[if !supportLists]--><span style="font-family:Symbol"><span
              style="mso-list:Ignore">·<span style="font:7.0pt
                "Times New Roman"">       
              </span></span></span><!--[endif]--><span
            style="color:black">It was agreed that we would not add in
            definitions for Multi-factor or Multi-party</span><o:p></o:p></p>
        <p class="MsoListParagraph"
          style="text-indent:-.25in;mso-list:l3 level1 lfo4"><!--[if !supportLists]--><span
            style="mso-list:Ignore">c.<span style="font:7.0pt
              "Times New Roman"">     
            </span></span><!--[endif]--><span style="color:black">We did
            not discuss the changes proposed from the Bilbao meeting.
            Ben to provide input and possibly add to Dimitris’ document.</span><o:p></o:p></p>
        <p class="MsoNormal"><o:p> </o:p></p>
        <p class="MsoNormal">Other business.<o:p></o:p></p>
        <p class="MsoListParagraph"
          style="text-indent:-.25in;mso-list:l1 level1 lfo5"><!--[if !supportLists]--><span
            style="font-family:Symbol"><span style="mso-list:Ignore">·<span
                style="font:7.0pt "Times New Roman"">       
              </span></span></span><!--[endif]-->Ken will provide input
          for review.<o:p></o:p></p>
        <p class="MsoNormal"><o:p> </o:p></p>
        <p class="MsoNormal">Next call is July 27, 2017<o:p></o:p></p>
        <p class="MsoNormal"><o:p> </o:p></p>
        <p class="MsoNormal"><o:p> </o:p></p>
        <p class="MsoNormal"><o:p> </o:p></p>
        <p class="MsoNormal">Thanks, Bruce.<o:p></o:p></p>
        <p class="MsoNormal"><o:p> </o:p></p>
      </div>
    </blockquote>
    <br>
    One more thing we discussed was to further improve the definition of
    <strong>"</strong><strong>Security Support System"</strong> to
    include examples for "intrusion detection". Here is what the NSRs
    look like with all currently proposed changes:<br>
    <br>
<a class="moz-txt-link-freetext" href="https://github.com/cabforum/documents/pull/64/files?short_path=50fc941#diff-50fc941f7be640a0bf58764b83d5d9e7">https://github.com/cabforum/documents/pull/64/files?short_path=50fc941#diff-50fc941f7be640a0bf58764b83d5d9e7</a><br>
    I have also attached a red-lined PDF version for people not familiar
    with github.<br>
    <br>
    Please note that the Bilbao meeting proposed changes are still
    missing.<br>
    <br>
    <br>
    Dimitris.<br>
  </body>
</html>