<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
</head>
<body dir="auto">
<div>One specific complaint from the auditors I believe was the specific time requirements in the document. For example, if it said you have to change the password at 90 days, and you did it on day 91, it would be an audit failure. I think Don has better examples
 but that's one I recall. <br>
<br>
Sent from my iPhone</div>
<div><br>
On Jun 9, 2017, at 4:35 PM, Kirk Hall via Public <<a href="mailto:public@cabforum.org">public@cabforum.org</a>> wrote:<br>
<br>
</div>
<blockquote type="cite">
<div>
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
        {font-family:"Cambria Math";
        panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
        {font-family:Calibri;
        panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
        {margin:0in;
        margin-bottom:.0001pt;
        font-size:11.0pt;
        font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
        {mso-style-priority:99;
        color:#0563C1;
        text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
        {mso-style-priority:99;
        color:#954F72;
        text-decoration:underline;}
p.MsoListParagraph, li.MsoListParagraph, div.MsoListParagraph
        {mso-style-priority:34;
        margin-top:0in;
        margin-right:0in;
        margin-bottom:0in;
        margin-left:.5in;
        margin-bottom:.0001pt;
        font-size:11.0pt;
        font-family:"Calibri",sans-serif;}
span.EmailStyle17
        {mso-style-type:personal-compose;
        font-family:"Calibri",sans-serif;
        color:windowtext;}
.MsoChpDefault
        {mso-style-type:export-only;
        font-family:"Calibri",sans-serif;}
@page WordSection1
        {size:8.5in 11.0in;
        margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
        {page:WordSection1;}
/* List Definitions */
@list l0
        {mso-list-id:1983535749;
        mso-list-type:hybrid;
        mso-list-template-ids:-1110170332 67698703 67698713 67698715 67698703 67698713 67698715 67698703 67698713 67698715;}
@list l0:level1
        {mso-level-tab-stop:none;
        mso-level-number-position:left;
        text-indent:-.25in;}
@list l0:level2
        {mso-level-number-format:alpha-lower;
        mso-level-tab-stop:none;
        mso-level-number-position:left;
        text-indent:-.25in;}
@list l0:level3
        {mso-level-number-format:roman-lower;
        mso-level-tab-stop:none;
        mso-level-number-position:right;
        text-indent:-9.0pt;}
@list l0:level4
        {mso-level-tab-stop:none;
        mso-level-number-position:left;
        text-indent:-.25in;}
@list l0:level5
        {mso-level-number-format:alpha-lower;
        mso-level-tab-stop:none;
        mso-level-number-position:left;
        text-indent:-.25in;}
@list l0:level6
        {mso-level-number-format:roman-lower;
        mso-level-tab-stop:none;
        mso-level-number-position:right;
        text-indent:-9.0pt;}
@list l0:level7
        {mso-level-tab-stop:none;
        mso-level-number-position:left;
        text-indent:-.25in;}
@list l0:level8
        {mso-level-number-format:alpha-lower;
        mso-level-tab-stop:none;
        mso-level-number-position:left;
        text-indent:-.25in;}
@list l0:level9
        {mso-level-number-format:roman-lower;
        mso-level-tab-stop:none;
        mso-level-number-position:right;
        text-indent:-9.0pt;}
ol
        {margin-bottom:0in;}
ul
        {margin-bottom:0in;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
<div class="WordSection1">
<p class="MsoNormal">Bruce and I want to collect a preliminary list of current problems with the Network Security Guidelines (technically, the Network and Certificate System Security Requirements), so we can have a good discussion of possible new directions
 at the upcoming F2F.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">To that end – <u>please send Bruce and me a list of the specific requirements (and/or definitions) in the NetSec requirements that you think are most problematic</u> and which should be changed or dropped.  If possible, give us the following
 data for each problematic issue:<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoListParagraph" style="text-indent:-.25in;mso-list:l0 level1 lfo1"><!--[if !supportLists]--><span style="mso-list:Ignore">1.<span style="font:7.0pt "Times New Roman"">      
</span></span><!--[endif]-->Section or definition of the NetSec Requirements that creates the problem<o:p></o:p></p>
<p class="MsoListParagraph" style="text-indent:-.25in;mso-list:l0 level1 lfo1"><!--[if !supportLists]--><span style="mso-list:Ignore">2.<span style="font:7.0pt "Times New Roman"">      
</span></span><!--[endif]-->What is the problem?<o:p></o:p></p>
<p class="MsoListParagraph" style="text-indent:-.25in;mso-list:l0 level1 lfo1"><!--[if !supportLists]--><span style="mso-list:Ignore">3.<span style="font:7.0pt "Times New Roman"">      
</span></span><!--[endif]-->What is a possible solution (drop, amend, supplement), with suggested language.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Bruce and I will combine all suggestions received and report
<i><u>anonymously</u></i> to the whole group for a discussion in Berlin.  That may give the new Working Group some useful guidance for its ongoing work after that.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Thanks.<o:p></o:p></p>
</div>
</div>
</blockquote>
<blockquote type="cite">
<div><Network_Security_Controls_V1.pdf></div>
</blockquote>
<blockquote type="cite">
<div><span>_______________________________________________</span><br>
<span>Public mailing list</span><br>
<span><a href="mailto:Public@cabforum.org">Public@cabforum.org</a></span><br>
<span><a href="https://clicktime.symantec.com/a/1/f8a6ATZl_MnLwe29_m42V-mYnSdtACxRZX0POAv19Vo=?d=Yz3SpbucMfHwCGRoOuzLmlu9Wpr_caTWy3ILlB_IoLHc8KA0wZ9ZIIE0tt6_40GuyUeYNqwIwidNiKaKMu-5OhJUpI-0YmfQlXF6WVerqU-ErugytgRRUvyO4rzY8NCkhG397tCFH2roGFp5G4M7Xr7HurgCIsLKvk_CMVy_W33a8G7xs-zP44TZmNNnklelkmp9rYeMxGizl_l43PaLWEPq3okEBqK1ZLhxicxRW5Q-DJpP7uamThvBEDxql9A4GfwEQidWB4-Z4LlFYTHzdzZ1KHdONbJspvsEhltqHQiSSKHqcjPVfopD6S_b1Il_kJ7UeffHCM2fbGuZM3-ATtW4erUTkCsgco80th_9K1GTEs0Ligy4OOIZyCqOKL88l3ZOGCvzMBdsibgW7vTwBA2LhcZdTn_Nqiq7Lfh2iJXO2hDVk8yYzplKWu7J_J7XdsTZJuufN_61qCXKBjZC5VS3fw%3D%3D&u=https%3A%2F%2Fcabforum.org%2Fmailman%2Flistinfo%2Fpublic">https://clicktime.symantec.com/a/1/f8a6ATZl_MnLwe29_m42V-mYnSdtACxRZX0POAv19Vo=?d=Yz3SpbucMfHwCGRoOuzLmlu9Wpr_caTWy3ILlB_IoLHc8KA0wZ9ZIIE0tt6_40GuyUeYNqwIwidNiKaKMu-5OhJUpI-0YmfQlXF6WVerqU-ErugytgRRUvyO4rzY8NCkhG397tCFH2roGFp5G4M7Xr7HurgCIsLKvk_CMVy_W33a8G7xs-zP44TZmNNnklelkmp9rYeMxGizl_l43PaLWEPq3okEBqK1ZLhxicxRW5Q-DJpP7uamThvBEDxql9A4GfwEQidWB4-Z4LlFYTHzdzZ1KHdONbJspvsEhltqHQiSSKHqcjPVfopD6S_b1Il_kJ7UeffHCM2fbGuZM3-ATtW4erUTkCsgco80th_9K1GTEs0Ligy4OOIZyCqOKL88l3ZOGCvzMBdsibgW7vTwBA2LhcZdTn_Nqiq7Lfh2iJXO2hDVk8yYzplKWu7J_J7XdsTZJuufN_61qCXKBjZC5VS3fw%3D%3D&u=https%3A%2F%2Fcabforum.org%2Fmailman%2Flistinfo%2Fpublic</a></span><br>
</div>
</blockquote>
</body>
</html>