[cabf_netsec] Minutes - Meeting of 13 July 2017

Bruce Morton Bruce.Morton at entrustdatacard.com
Fri Jul 14 10:51:49 MST 2017


Below are the minutes from the Network Security Working Group meeting of 13 July 2017.

Attendees were: Alex Craig (Entrust), Ben Wilson (DigiCert), Bruce Morton (Entrust), Chris Salter (CIS), Curt Spann (Apple), Dean Coclin (Symantec), Dimitris Zacharopoulos (HARICA), Ed Gianquinto (Comodo), Kenneth Myers (GSA), Jeff Stapleton (Wells Fargo), Jos Purvis (Cisco), Neil Dunbar (Trustcor), Peter Bowen (Amazon), Ryan Hurst (Google), Robin Alden (Comodo), Tim Hollebeek (Trustwave), Tim Shirley (Trustwave), Tobias Josefowitz (Opera), Tom Ritter (Mozilla), Travis Graham (GoDaddy), Wayne Thayer (GoDaddy), Xiu Lei (GDCA)

Discussed short-term changes:

a.      Dimitris presented changes at https://github.com/cabforum/documents/pull/64/files?short_path=50fc941#diff-50fc941f7be640a0bf58764b83d5d9e7

*        Update ETSI audit requirements

*        Change 90 days to 3 months

*        Remove viruses and malicious software

*        Based on discussion, Dimitris will update the proposal

b.      Bruce presnted changes to off-line CAs

*        For 2.m. it was agreed to change "Enforce multi-factor *or multi-party* authentication for administrator access to Issuing Systems and Certificate Management Systems"

*        For 2.o. it was discussed to change "Restrict remote administration or access" to another term and somehow limit the word "access." Tobias will send another proposal.

*        For 2.o. it was agreed to remove "and from a pre-approved external IP address"

*        It was agreed that we would not add in definitions for Multi-factor or Multi-party

c.      We did not discuss the changes proposed from the Bilbao meeting. Ben to provide input and possibly add to Dimitris' document.

Other business.

*        Ken will provide input for review.

Next call is July 27, 2017



Thanks, Bruce.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cabforum.org/pipermail/netsec/attachments/20170714/c59c78ec/attachment-0001.html>


More information about the Netsec mailing list