[cabfpub] Policy Review Working Group

i-barreira at izenpe.net i-barreira at izenpe.net
Thu Oct 9 23:47:20 MST 2014 

I can review the whole doc when finished and compared with ETSI standards. I think this is what agreed in the last F2F WG meeting.

 

 

Iñigo Barreira
Responsable del Área técnica
i-barreira at izenpe.net

945067705

 

 

ERNE! Baliteke mezu honen zatiren bat edo mezu osoa legez babestuta egotea. Mezua badu bere hartzailea. Okerreko helbidera heldu bada (helbidea gaizki idatzi, transmisioak huts egin) eman abisu igorleari, korreo honi erantzuna. KONTUZ!
ATENCION! Este mensaje contiene informacion privilegiada o confidencial a la que solo tiene derecho a acceder el destinatario. Si usted lo recibe por error le agradeceriamos que no hiciera uso de la informacion y que se pusiese en contacto con el remitente.

 

De: public-bounces at cabforum.org [mailto:public-bounces at cabforum.org] En nombre de Ben Wilson
Enviado el: jueves, 09 de octubre de 2014 23:25
Para: CABFPub
Asunto: [cabfpub] Policy Review Working Group

 

The Policy Review Working Group is looking for volunteers to take on different sections of a draft that compares current CA/B Forum guidelines with RFC 3647 and similar criteria (WebTrust, ETSI, NIST).  

The review items are grouped in the chart below.  Please let me know whether you would like to participate in the review of a particular topic, as outlined below.

 

 

Section

Title

WG Member(s) 

2.3-2.4

Time or frequency of publication and Access controls on repositories

 

3.1

Naming

 

3.2 - 3.4

Initial identity validation / Identification and authentication 

 

4.2 - 4.4

Certificate application, issuance and acceptance

 

4.5

Key pair and certificate usage

 

4.6-4.8

Certificate renewal, re-key, modification

 

4.9.1-4.9.6

Revocation

 

4.9.7-4.9.16

CRL Issuance Frequency & OCSP

 

4.10

Certificate status services

 

4.11-4.12

Key Escrow and Recovery

 

5.1

Physical controls

 

5.2

Procedural Controls

 

5.3

Personnel controls

 

5.4

Audit logging procedures

 

5.5

Records Archival

 

5.6-5.8

Key changeover, Compromise, Disaster Recovery, CA Termination

 

6.1

Key pair generation and installation

 

6.2-6.3

Private Key Protection, Controls and Other Aspects

 

6.4

Activation data

 

6.5

Computer security controls

Tim Hollebeek

6.6

Life cycle technical controls

 

6.7.1 to 6.7.4

Isolation of Networked Systems to Communications Security

 

6.7.5 to 6.7.7

Network Monitoring to Penetration Testing

 

6.8

Time-stamping

 

7

CERTIFICATE, CRL, AND OCSP PROFILES

 

8

COMPLIANCE AUDIT AND OTHER ASSESSMENTS

 

9

OTHER BUSINESS AND LEGAL MATTERS

 

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://cabforum.org/pipermail/public/attachments/20141010/6ea27ebd/attachment-0001.html 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.png
Type: image/png
Size: 19121 bytes
Desc: image001.png
Url : https://cabforum.org/pipermail/public/attachments/20141010/6ea27ebd/attachment-0001.png

More information about the Public mailing list