[cabfpub] Policy Review Working Group

Tim Shirley TShirley at trustwave.com
Fri Oct 10 13:30:36 UTC 2014


I'll take section 4.6-4.8 (Certificate renewal, re-key, modification).

From: public-bounces at cabforum.org [mailto:public-bounces at cabforum.org] On Behalf Of Ben Wilson
Sent: Thursday, October 09, 2014 5:25 PM
To: CABFPub
Subject: [cabfpub] Policy Review Working Group

The Policy Review Working Group is looking for volunteers to take on different sections of a draft that compares current CA/B Forum guidelines with RFC 3647 and similar criteria (WebTrust, ETSI, NIST).
The review items are grouped in the chart below.  Please let me know whether you would like to participate in the review of a particular topic, as outlined below.


Section

Title

WG Member(s)

2.3-2.4

Time or frequency of publication and Access controls on repositories



3.1

Naming



3.2 - 3.4

Initial identity validation / Identification and authentication



4.2 - 4.4

Certificate application, issuance and acceptance



4.5

Key pair and certificate usage



4.6-4.8

Certificate renewal, re-key, modification



4.9.1-4.9.6

Revocation



4.9.7-4.9.16

CRL Issuance Frequency & OCSP



4.10

Certificate status services



4.11-4.12

Key Escrow and Recovery



5.1

Physical controls



5.2

Procedural Controls



5.3

Personnel controls



5.4

Audit logging procedures



5.5

Records Archival



5.6-5.8

Key changeover, Compromise, Disaster Recovery, CA Termination



6.1

Key pair generation and installation



6.2-6.3

Private Key Protection, Controls and Other Aspects



6.4

Activation data



6.5

Computer security controls

Tim Hollebeek

6.6

Life cycle technical controls



6.7.1 to 6.7.4

Isolation of Networked Systems to Communications Security



6.7.5 to 6.7.7

Network Monitoring to Penetration Testing



6.8

Time-stamping



7

CERTIFICATE, CRL, AND OCSP PROFILES



8

COMPLIANCE AUDIT AND OTHER ASSESSMENTS



9

OTHER BUSINESS AND LEGAL MATTERS





________________________________

This transmission may contain information that is privileged, confidential, and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is strictly prohibited. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/public/attachments/20141010/e874e471/attachment-0003.html>


More information about the Public mailing list