[cabf_netsec] Short term fix list

Neil Dunbar ndunbar at trustcorsystems.com
Mon Jul 10 01:14:14 MST 2017


So, the general consensus is that automated system periods are expressed in days (e.g. password expiry), but that staff driven activities are expressed in calendar months (presumably to avoid possible clashes with weekends, public holidays, etc.)? I can get behind that.

I’m still a little unclear on why the password quality restrictions would only apply to accounts accessible from outside the controlling security zone. I mean - wouldn’t it be simpler to require that _all_ secure zone account passwords have a quality threshold and rotation time (including root passwords only usable from console)? Or is that introducing potentially controversial changes?

Cheers,

Neil

> On 10 Jul 2017, at 08:33, Dimitris Zacharopoulos via Netsec <netsec at cabforum.org> wrote:
> 
> 
> Here are some proposed changes for things that were repeated in previous F2F meetings (hopefully uncontroversial).
> 
> https://github.com/cabforum/documents/pull/64/files?short_path=50fc941#diff-50fc941f7be640a0bf58764b83d5d9e7
> 
> Ben pulled some other changes discussed at the Bilbao meeting but I don't know if all these changes are uncontroversial. Anyone can take a stab and commit new proposed changes, based on the Bilbao meeting.
> 
> 
> Dimitris.
> 
> 
> On 6/7/2017 7:26 PM, Dimitris Zacharopoulos wrote:
>> 
>> 
>> On 6/7/2017 4:35 PM, Bowen, Peter wrote:
>>> Sorry for missing this email. The formatting looks good but has a couple of bugs. If you look at https://github.com/dzacharo/documents/blob/master/docs/NSR.md, you can see that it isn’t rendering quite right.
>>>
>>> Your headings need a space between the # and the number. Otherwise it won’t be treated as a heading. I would also use ## or ###, as they are likely subheadings.
>> 
>> It did render ok on my client markdown editor but not on github. Fixed.
>> 
>> 
>>> 
>>> Under 2.15, the romanettes (i), (ii), and (iii) didn’t come out right
>> 
>> Fixed the numbering and replaced numbers with letters (which is what the normative document uses, according to Ben).
>> 
>>>
>>> I would also suggest making two pull requests, one with the current doc converted to markdown (no changes) and then one with the proposed changes. That way there is a clear starting point and changes can be reviewed against a baseline.
>> 
>> https://github.com/cabforum/documents/pull/63
>> 
>> It needs a quick review and can be merged if it is ok. I will add the proposed changes after the merge and create a new pull request. Currently, if I commit a new change, it will be included in the existing pull request (63).
>> 
>> Bruce, reviewing on github as a red-lined diff is easy. You just need to select the file you want to review and then click on the "rich diff" display format. Here is a direct link to the proposed changes in rich diff format. Just note that the numbering WILL change to use lettered lists and not numbered lists, once the first pull request (of the current NSRs) is approved.
>> 
>> https://github.com/dzacharo/documents/commit/601136b4f66c958de56c95288784e5efbb954fac?short_path=50fc941#diff-50fc941f7be640a0bf58764b83d5d9e7
>> 
>> 
>> Cheers,
>> Dimitris.
>> 
>> 
>>>
>>> Thanks,
>>> Peter
>>>
>>> On 7/6/17, 6:24 AM, "Bruce Morton" <Bruce.Morton at entrustdatacard.com> wrote:
>>>
>>> I might not be git capable as I don’t understand the changes being proposed.
>>>
>>> Bruce.
>>>
>>> From: Dimitris Zacharopoulos [mailto:jimmy at it.auth.gr]
>>> Sent: Monday, July 3, 2017 2:13 PM
>>> To: Kirk Hall <Kirk.Hall at entrustdatacard.com>; Ben Wilson <ben.wilson at digicert.com>
>>> Cc: Bruce Morton <Bruce.Morton at entrustdatacard.com>; Peter Bowen <pzb at amzn.com>
>>> Subject: [EXTERNAL]Re: Short term fix list
>>>
>>> 
>>> I tried to dig into the "git world", to help with the discussion of changes to the NetSecurity Requirements.
>>> 
>>> First of all, I converted the existing Network Security Requirements to markdown. Then, I made some changes which have been discussed in the last couple of years since I joined the forum and which I believe are uncontroversial.
>>> 
>>> The result of this work is https://github.com/cabforum/documents/pull/62
>>> 
>>> I might be terribly wrong in my git tasks (fork "cabforum/documents" on my local repository, make changes and commit/push to my local repository, create a pull request to "cabforum/documents" from my local repository), which is why I cc Peter to check if things were done properly and point me in the right direction of operations if I did something wrong.
>>> 
>>> Ben, of course feel free to use any of the committed information to create a branch on the cabforum/documents repository (I don't think I have permissions to create branches and so on for that repo).
>>> 
>>> 
>>> Thanks,
>>> Dimitris.
>>> 
>>> 
>>> 
>>> On 29/6/2017 7:42 PM, Kirk Hall wrote:
>>> Ben and Dimitris – if you can send an email with your short term fix list in (say) a week or even sooner, maybe we can get some discussion going before our next call.
>>>
>> 
> 
