[cabf_netsec] Minutes - Meeting of 13 July 2017

Ben Wilson ben.wilson at digicert.com
Tue Jul 25 10:59:28 MST 2017

I'll be happy to chair, Bruce, until we find a temporary replacement.

Take care,



From: Netsec [mailto:netsec-bounces at cabforum.org] On Behalf Of Bruce Morton
via Netsec
Sent: Tuesday, July 25, 2017 11:58 AM
To: CA/Browser Forum Network Security WG List <netsec at cabforum.org>
Subject: Re: [cabf_netsec] Minutes - Meeting of 13 July 2017


Unfortunately, I am on medical leave for an undetermined amount of time. I
will not be able to chair or attend NetSec WG meetings.


It would be great if someone could volunteer as co-chair at the next


Thanks, Bruce.

On Jul 14, 2017, at 1:51 PM, Bruce Morton <Bruce.Morton at entrustdatacard.com
<mailto:Bruce.Morton at entrustdatacard.com> > wrote:

Below are the minutes from the Network Security Working Group meeting of 13
July 2017.


Attendees were: Alex Craig (Entrust), Ben Wilson (DigiCert), Bruce Morton
(Entrust), Chris Salter (CIS), Curt Spann (Apple), Dean Coclin (Symantec),
Dimitris Zacharopoulos (HARICA), Ed Gianquinto (Comodo), Kenneth Myers
(GSA), Jeff Stapleton (Wells Fargo), Jos Purvis (Cisco), Neil Dunbar
(Trustcor), Peter Bowen (Amazon), Ryan Hurst (Google), Robin Alden (Comodo),
Tim Hollebeek (Trustwave), Tim Shirley (Trustwave), Tobias Josefowitz
(Opera), Tom Ritter (Mozilla), Travis Graham (GoDaddy), Wayne Thayer
(GoDaddy), Xiu Lei (GDCA)


Discussed short-term changes:

a.	Dimitris presented changes at

*	Update ETSI audit requirements
*	Change 90 days to 3 months
*	Remove viruses and malicious software
*	Based on discussion, Dimitris will update the proposal

b.	Bruce presnted changes to off-line CAs

*	For 2.m. it was agreed to change "Enforce multi-factor *or
multi-party* authentication for administrator access to Issuing Systems and
Certificate Management Systems"
*	For 2.o. it was discussed to change "Restrict remote administration
or access" to another term and somehow limit the word "access." Tobias will
send another proposal.
*	For 2.o. it was agreed to remove "and from a pre-approved external
IP address"
*	It was agreed that we would not add in definitions for Multi-factor
or Multi-party

c.	We did not discuss the changes proposed from the Bilbao meeting. Ben
to provide input and possibly add to Dimitris' document.


Other business.

*	Ken will provide input for review.


Next call is July 27, 2017




Thanks, Bruce.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cabforum.org/pipermail/netsec/attachments/20170725/52aa9418/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4974 bytes
Desc: not available
URL: <http://cabforum.org/pipermail/netsec/attachments/20170725/52aa9418/attachment-0001.p7s>

More information about the Netsec mailing list