<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><meta http-equiv=Content-Type content="text/html; charset=iso-8859-1"><meta name=Generator content="Microsoft Word 15 (filtered medium)"><style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
span.EstiloCorreo20
{mso-style-type:personal-reply;
font-family:"Calibri",sans-serif;
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:612.0pt 792.0pt;
margin:70.85pt 3.0cm 70.85pt 3.0cm;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]--></head><body lang=ES link=blue vlink=purple style='word-wrap:break-word'><div class=WordSection1><p class=MsoNormal><span lang=EN-GB style='mso-fareast-language:EN-US'>I support option C and clarify what Pedro is suggesting.<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-GB style='mso-fareast-language:EN-US'><o:p> </o:p></span></p><div><div style='border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0cm 0cm 0cm'><p class=MsoNormal><b>De:</b> Netsec <netsec-bounces@cabforum.org> <b>En nombre de </b>Pedro FUENTES via Netsec<br><b>Enviado el:</b> sábado, 15 de octubre de 2022 8:40<br><b>Para:</b> Ben Wilson <bwilson@mozilla.com>; CABF Network Security WG <netsec@cabforum.org><br><b>Asunto:</b> Re: [cabf_netsec] [EXTERNAL]- Definition of "Air Gapped"<o:p></o:p></p></div></div><p class=MsoNormal><o:p> </o:p></p><div style='border:solid black 1.0pt;padding:2.0pt 2.0pt 2.0pt 2.0pt'><p class=MsoNormal style='line-height:12.0pt;background:#FAFA03'><span style='font-size:10.0pt;color:black'>CAUTION: This email originated from outside of the organization. Do not click links or open attachments unless you recognize the sender and know the content is safe.<o:p></o:p></span></p></div><p class=MsoNormal><o:p> </o:p></p><div><p class=MsoNormal>Hello Ben, <o:p></o:p></p><div><p class=MsoNormal>In principle I would say that extending the concept of lack of connectivity to “Electrical Connections” would impose a big challenge, because even if the systems are normally powered off and electrical cables are disconnected, at the moment of powering up the systems (i.e. for a ceremony) we’d be breaching that requirement.<o:p></o:p></p></div><div><p class=MsoNormal>BR/P <o:p></o:p></p><div><p class=MsoNormal><br><br><o:p></o:p></p><blockquote style='margin-top:5.0pt;margin-bottom:5.0pt'><div><p class=MsoNormal>On 15 Oct 2022, at 05:39, Ben Wilson via Netsec <<a href="mailto:netsec@cabforum.org">netsec@cabforum.org</a>> wrote:<o:p></o:p></p></div><p class=MsoNormal><o:p> </o:p></p><div><div><div><div><p class=MsoNormal><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>All,</span><o:p></o:p></p></div><div><p class=MsoNormal><o:p> </o:p></p></div><div><p class=MsoNormal><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Both <a href="https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Furldefense.proofpoint.com%2Fv2%2Furl%3Fu%3Dhttps-3A__csrc.nist.gov_glossary_term_air-5Fgap%26d%3DDwMFaQ%26c%3DeuGZstcaTDllvimEN8b7jXrwqOf-v5A_CdpgnVfiiMM%26r%3D-bX5hBm1IdRDykQ-dBR8tsFRCM4v1VXUyG7RZa2WqPY%26m%3DLmvNtrygpWXbKZ3KY7uXI6Qz7YaICZdsR9VOMM9tOUo%26s%3D05O03TdRvsnIHsm0s4tXXiC6o8fWB9-q1mnU1gzxe0k%26e%3D&data=05%7C01%7Cinigo.barreira%40sectigo.com%7C596c142721e64348e8b608daae781d45%7C0e9c48946caa465d96604b6968b49fb7%7C0%7C0%7C638014128352730649%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000%7C%7C%7C&sdata=VBPO1vK7pipLk2hUCYUNFcAaHgRwiiozPS2E4MCavP0%3D&reserved=0">https://csrc.nist.gov/glossary/term/air_gap</a> and <a href="https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Furldefense.proofpoint.com%2Fv2%2Furl%3Fu%3Dhttps-3A__www.rfc-2Deditor.org_rfc_rfc4949%26d%3DDwMFaQ%26c%3DeuGZstcaTDllvimEN8b7jXrwqOf-v5A_CdpgnVfiiMM%26r%3D-bX5hBm1IdRDykQ-dBR8tsFRCM4v1VXUyG7RZa2WqPY%26m%3DLmvNtrygpWXbKZ3KY7uXI6Qz7YaICZdsR9VOMM9tOUo%26s%3DAISpylDx7SDnLQ0TQ0PzCB8PL8aPhNArmjJzOoZyUsY%26e%3D&data=05%7C01%7Cinigo.barreira%40sectigo.com%7C596c142721e64348e8b608daae781d45%7C0e9c48946caa465d96604b6968b49fb7%7C0%7C0%7C638014128352730649%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000%7C%7C%7C&sdata=NQGIjuSUpeQ2%2BqDeotRQbvIbthSOKeiKJEEjyL5mpzk%3D&reserved=0"><span style='color:#0563C1'>https://www.rfc-editor.org/rfc/rfc4949</span></a> define "air gap" as "An interface between two systems at which (a) they are not connected physically and (b) any logical connection is not automated (i.e., data is transferred through the interface only manually, under human control)." </span><o:p></o:p></p></div><div><p class=MsoNormal><o:p> </o:p></p></div><div><p class=MsoNormal><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>But this definition seems antiquated and not entirely clear. For instance, it doesn't address wireless connections, only physical connections. Also, I believe that use of the word "interface" and other language in that definition have the potential to cause confusion. </span><o:p></o:p></p></div><div><p class=MsoNormal><o:p> </o:p></p></div><div><p class=MsoNormal><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>RFC 4949 does clarify the definition with a parenthetical and an example:</span><o:p></o:p></p></div><div><p class=MsoNormal><o:p> </o:p></p></div><div style='margin-left:30.0pt'><p class=MsoNormal><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>(See: sneaker net. Compare: gateway.) </span><o:p></o:p></p></div><div style='margin-left:30.0pt'><p class=MsoNormal><o:p> </o:p></p></div><div style='margin-left:30.0pt'><p class=MsoNormal><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Example: Computer A and computer B are on opposite sides of a room. To move data from A to B, a person carries a disk across the room. If A and B operate in different security domains, then moving data across the air gap may involve an upgrade or downgrade operation.</span><o:p></o:p></p></div><div><p class=MsoNormal><o:p> </o:p></p><div><p class=MsoNormal><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>One potential definition of "air-gapped" (Alternative A) could be "separation between two devices or networks because they lack an electrical or wireless connection, which prevents them from communicating except by some external, manual, human interaction (e.g. computer A and computer B are on opposite sides of a room, and to move data from A to B, a person must carry a transfer device across the room)."</span><o:p></o:p></p></div><div><p class=MsoNormal><o:p> </o:p></p></div><div><p class=MsoNormal>Alternative B could be:<span style='font-size:10.0pt;font-family:"Arial",sans-serif'> "the absence of connections (electrical, wireless, or any other networking) that prevents a system from communicating with another system and requires human intervention and a transfer device for data to move between the two systems."</span><o:p></o:p></p></div><div><p class=MsoNormal><o:p> </o:p></p></div><div><p class=MsoNormal><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Alternative C would be to define "Air Gap", as above in the CSRC/RFC definition, and add the words "or wirelessly", so that it would read "An interface between two systems at which (a) they are not connected physically <u>or wirelessly</u> and (b) any logical connection is not automated (i.e., data is transferred through the interface only manually, under human control)." </span><o:p></o:p></p></div><div><p class=MsoNormal><o:p> </o:p></p></div><div><div><p class=MsoNormal><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Also, I'll raise it here, for completeness, but I'm thinking we do not want to enlarge the scope of "air-gapped" to allow cryptographic, tunneled connections. I'm inclined to keep our definition simple (and hence hopefully more secure), but if anyone has other suggestions, please feel free to chime in.</span><o:p></o:p></p></div><div><p class=MsoNormal><o:p> </o:p></p></div><div><p class=MsoNormal><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Please provide Alternatives D to Z.</span><o:p></o:p></p></div><div><p class=MsoNormal><o:p> </o:p></p></div><div><p class=MsoNormal><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Finally, while I'm thinking about it, in the NCSSRs, do we want to consider "powered off and locked in a safe" separately from "air gapped" - it seems there might be a different risk profile?</span><o:p></o:p></p></div><div><p class=MsoNormal><o:p> </o:p></p></div><div><p class=MsoNormal><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Thanks in advance,</span><o:p></o:p></p></div><div><p class=MsoNormal><o:p> </o:p></p></div><div><p class=MsoNormal><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Ben</span><o:p></o:p></p></div></div><div><p class=MsoNormal><o:p> </o:p></p></div><div><p class=MsoNormal><o:p> </o:p></p></div><div><p class=MsoNormal><o:p> </o:p></p></div></div></div></div><p class=MsoNormal>_______________________________________________<br>Netsec mailing list<br><a href="mailto:Netsec@cabforum.org">Netsec@cabforum.org</a><br><a href="https://urldefense.proofpoint.com/v2/url?u=https-3A__lists.cabforum.org_mailman_listinfo_netsec&d=DwICAg&c=euGZstcaTDllvimEN8b7jXrwqOf-v5A_CdpgnVfiiMM&r=-bX5hBm1IdRDykQ-dBR8tsFRCM4v1VXUyG7RZa2WqPY&m=LmvNtrygpWXbKZ3KY7uXI6Qz7YaICZdsR9VOMM9tOUo&s=MIKlQspu8CuNGjk6ZI-0bwJ1_JcZZSl4qT4xxyH0c3A&e=">https://urldefense.proofpoint.com/v2/url?u=https-3A__lists.cabforum.org_mailman_listinfo_netsec&d=DwICAg&c=euGZstcaTDllvimEN8b7jXrwqOf-v5A_CdpgnVfiiMM&r=-bX5hBm1IdRDykQ-dBR8tsFRCM4v1VXUyG7RZa2WqPY&m=LmvNtrygpWXbKZ3KY7uXI6Qz7YaICZdsR9VOMM9tOUo&s=MIKlQspu8CuNGjk6ZI-0bwJ1_JcZZSl4qT4xxyH0c3A&e=</a><o:p></o:p></p></div></blockquote></div><p class=MsoNormal><o:p> </o:p></p><div><div><div><div><div><div><div><div><div><div><div><p class=MsoNormal><b><span style='font-size:8.5pt;color:#F62400'><br>WISeKey SA</span></b><o:p></o:p></p><div><p class=MsoNormal><b><span style='font-size:8.5pt;color:black'>Pedro Fuentes<br></span></b><span style='font-size:8.5pt;color:black'>CSO - Trust Services Manager</span><span style='font-size:9.0pt;color:black'><br></span><span style='font-size:7.5pt;color:black'>Office: + 41 (0) 22 594 30 00<br>Mobile: + 41 (0) </span><span style='font-size:10.0pt;color:black'>791 274 790</span><span style='color:black'><o:p></o:p></span></p></div><div><p class=MsoNormal><span style='font-size:7.5pt;color:black'>Address: </span><span style='font-size:7.5pt'>Avenue Louis-Casaď 58 | </span><span style='font-size:10.0pt'>1216 Cointrin | Switzerland</span><o:p></o:p></p></div><div><p class=MsoNormal><b><span style='font-size:9.0pt;color:black'>Stay connected with <a href="https://nam04.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.wisekey.com%2F&data=05%7C01%7Cinigo.barreira%40sectigo.com%7C596c142721e64348e8b608daae781d45%7C0e9c48946caa465d96604b6968b49fb7%7C0%7C0%7C638014128352886870%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000%7C%7C%7C&sdata=qzAaArwhgnAenqj27kEnGc3Og4yuYUaYLw61Gi25o8M%3D&reserved=0"><span style='color:#F62400'>WISeKey</span></a><br></span></b><span style='font-size:7.5pt;color:darkgray'><br><br></span><o:p></o:p></p></div><div><div><p class=MsoNormal><b><span style='font-size:7.5pt;color:#78A600'>THIS IS A TRUSTED MAIL</span></b><span style='font-size:7.5pt;color:#78A600'>: This message is digitally signed with a WISeKey identity. If you get a mail from WISeKey please check the signature to avoid security risks</span><span style='font-size:9.0pt;color:black'><o:p></o:p></span></p></div><div><p class=MsoNormal><span style='font-size:7.0pt;color:darkgray'><br><br></span><span style='font-size:9.0pt;color:black'><o:p></o:p></span></p></div><div><div><p class=MsoNormal><b><span style='font-size:7.0pt;color:darkgray'>CONFIDENTIALITY: </span></b><span style='font-size:7.0pt;color:darkgray'>This email and any files transmitted with it can be confidential and it’s intended solely for the use of the individual or entity to which they are addressed. If you are not the named addressee you should not disseminate, distribute or copy this e-mail. If you have received this email in error please notify the sender</span><span style='font-size:9.0pt;color:black'><o:p></o:p></span></p></div><div><p class=MsoNormal><span style='font-size:9.0pt;color:black'><o:p> </o:p></span></p></div><div><p class=MsoNormal><b><span style='font-size:7.0pt;color:darkgray'>DISCLAIMER: </span></b><span style='font-size:7.0pt;color:darkgray'>WISeKey does not warrant the accuracy or completeness of this message and does not accept any liability for any errors or omissions herein as this message has been transmitted over a public network. Internet communications cannot be guaranteed to be secure or error-free as information may be intercepted, corrupted, or contain viruses. Attachments to this e-mail are checked for viruses; however, we do not accept any liability for any damage sustained by viruses and therefore you are kindly requested to check for viruses upon receipt.</span><span style='font-size:9.0pt;color:black'><o:p></o:p></span></p></div></div></div></div></div></div></div></div></div></div></div></div></div></div><p class=MsoNormal><o:p> </o:p></p></div></div></div></body></html>