<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<div class="moz-cite-prefix">On 14/7/2017 8:51 PM, Bruce Morton via
Netsec wrote:<br>
</div>
<blockquote type="cite"
cite="mid:965ca573a7524acab812459fd2b66491@PMSPEX04.corporate.datacard.com">
<div class="WordSection1">
<p class="MsoNormal">Below are the minutes from the Network
Security Working Group meeting of 13 July 2017.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Attendees were: Alex Craig (Entrust), Ben
Wilson (DigiCert), Bruce Morton (Entrust), Chris Salter (CIS),
Curt Spann (Apple), Dean Coclin (Symantec), Dimitris
Zacharopoulos (HARICA), Ed Gianquinto (Comodo), Kenneth Myers
(GSA), Jeff Stapleton (Wells Fargo), Jos Purvis (Cisco), Neil
Dunbar (Trustcor), Peter Bowen (Amazon), Ryan Hurst (Google),
Robin Alden (Comodo), Tim Hollebeek (Trustwave), Tim Shirley
(Trustwave), Tobias Josefowitz (Opera), Tom Ritter (Mozilla),
Travis Graham (GoDaddy), Wayne Thayer (GoDaddy), Xiu Lei
(GDCA)<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Discussed short-term changes:<o:p></o:p></p>
<p class="MsoListParagraph"
style="text-indent:-.25in;mso-list:l3 level1 lfo4"><!--[if !supportLists]--><span
style="mso-list:Ignore">a.<span style="font:7.0pt
"Times New Roman"">
</span></span><!--[endif]-->Dimitris presented changes at <a
href="https://github.com/cabforum/documents/pull/64/files?short_path=50fc941#diff-50fc941f7be640a0bf58764b83d5d9e7"
moz-do-not-send="true">
https://github.com/cabforum/documents/pull/64/files?short_path=50fc941#diff-50fc941f7be640a0bf58764b83d5d9e7</a><o:p></o:p></p>
<p class="MsoListParagraph"
style="margin-left:1.0in;text-indent:-.25in;mso-list:l3 level2
lfo4">
<!--[if !supportLists]--><span style="font-family:Symbol"><span
style="mso-list:Ignore">·<span style="font:7.0pt
"Times New Roman"">
</span></span></span><!--[endif]-->Update ETSI audit
requirements<o:p></o:p></p>
<p class="MsoListParagraph"
style="margin-left:1.0in;text-indent:-.25in;mso-list:l3 level2
lfo4">
<!--[if !supportLists]--><span style="font-family:Symbol"><span
style="mso-list:Ignore">·<span style="font:7.0pt
"Times New Roman"">
</span></span></span><!--[endif]-->Change 90 days to 3
months<o:p></o:p></p>
<p class="MsoListParagraph"
style="margin-left:1.0in;text-indent:-.25in;mso-list:l3 level2
lfo4">
<!--[if !supportLists]--><span style="font-family:Symbol"><span
style="mso-list:Ignore">·<span style="font:7.0pt
"Times New Roman"">
</span></span></span><!--[endif]-->Remove viruses and
malicious software<o:p></o:p></p>
<p class="MsoListParagraph"
style="margin-left:1.0in;text-indent:-.25in;mso-list:l3 level2
lfo4">
<!--[if !supportLists]--><span style="font-family:Symbol"><span
style="mso-list:Ignore">·<span style="font:7.0pt
"Times New Roman"">
</span></span></span><!--[endif]-->Based on discussion,
Dimitris will update the proposal<o:p></o:p></p>
<p class="MsoListParagraph"
style="text-indent:-.25in;mso-list:l3 level1 lfo4"><!--[if !supportLists]--><span
style="mso-list:Ignore">b.<span style="font:7.0pt
"Times New Roman"">
</span></span><!--[endif]-->Bruce presented changes to
off-line CAs<o:p></o:p></p>
<p class="MsoListParagraph"
style="margin-left:1.0in;text-indent:-.25in;mso-list:l3 level2
lfo4">
<!--[if !supportLists]--><span style="font-family:Symbol"><span
style="mso-list:Ignore">·<span style="font:7.0pt
"Times New Roman"">
</span></span></span><!--[endif]-->For 2.m. it was agreed
to change “<span style="color:black">Enforce multi-factor *</span><b><span
style="color:#C00000">or multi-party</span></b><span
style="color:#C00000">*
</span><span style="color:black">authentication for
administrator access to Issuing Systems and Certificate
Management Systems”</span><o:p></o:p></p>
<p class="MsoListParagraph"
style="margin-left:1.0in;text-indent:-.25in;mso-list:l3 level2
lfo4">
<!--[if !supportLists]--><span style="font-family:Symbol"><span
style="mso-list:Ignore">·<span style="font:7.0pt
"Times New Roman"">
</span></span></span><!--[endif]--><span
style="color:black">For 2.o. it was discussed to change
“Restrict remote administration or access” to another term
and somehow limit the word “access.” Tobias will send
another proposal.</span><o:p></o:p></p>
<p class="MsoListParagraph"
style="margin-left:1.0in;text-indent:-.25in;mso-list:l3 level2
lfo4">
<!--[if !supportLists]--><span style="font-family:Symbol"><span
style="mso-list:Ignore">·<span style="font:7.0pt
"Times New Roman"">
</span></span></span><!--[endif]--><span
style="color:black">For 2.o. it was agreed to remove “and
from a pre-approved external IP address”</span><o:p></o:p></p>
<p class="MsoListParagraph"
style="margin-left:1.0in;text-indent:-.25in;mso-list:l3 level2
lfo4">
<!--[if !supportLists]--><span style="font-family:Symbol"><span
style="mso-list:Ignore">·<span style="font:7.0pt
"Times New Roman"">
</span></span></span><!--[endif]--><span
style="color:black">It was agreed that we would not add in
definitions for Multi-factor or Multi-party</span><o:p></o:p></p>
<p class="MsoListParagraph"
style="text-indent:-.25in;mso-list:l3 level1 lfo4"><!--[if !supportLists]--><span
style="mso-list:Ignore">c.<span style="font:7.0pt
"Times New Roman"">
</span></span><!--[endif]--><span style="color:black">We did
not discuss the changes proposed from the Bilbao meeting.
Ben to provide input and possibly add to Dimitris’ document.</span><o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Other business.<o:p></o:p></p>
<p class="MsoListParagraph"
style="text-indent:-.25in;mso-list:l1 level1 lfo5"><!--[if !supportLists]--><span
style="font-family:Symbol"><span style="mso-list:Ignore">·<span
style="font:7.0pt "Times New Roman"">
</span></span></span><!--[endif]-->Ken will provide input
for review.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Next call is July 27, 2017<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Thanks, Bruce.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
</blockquote>
<br>
One more thing we discussed was to further improve the definition of
<strong>"</strong><strong>Security Support System"</strong> to
include examples for "intrusion detection". Here is what the NSRs
look like with all currently proposed changes:<br>
<br>
<a class="moz-txt-link-freetext" href="https://github.com/cabforum/documents/pull/64/files?short_path=50fc941#diff-50fc941f7be640a0bf58764b83d5d9e7">https://github.com/cabforum/documents/pull/64/files?short_path=50fc941#diff-50fc941f7be640a0bf58764b83d5d9e7</a><br>
I have also attached a red-lined PDF version for people not familiar
with GitHub.<br>
<br>
Please note that the Bilbao meeting proposed changes are still
missing.<br>
<br>
<br>
Dimitris.<br>
</body>
</html>