[cabf_netsec] Threat model approach for "Root CA System"
Dimitris Zacharopoulos
jimmy at it.auth.gr
Fri Sep 22 07:12:00 MST 2017
Dear NetSec WG members,

In yesterday's WG meeting, we introduced the idea of approaching the
"Root CA System" in a "threat model" way and see how that turns out. The
justification behind trying this approach is that the current Network
Security Requirements include some very specific security requirements
and controls but don't actually describe which threats they try to
prevent from happening or which vulnerabilities they try to mitigate.
Also, defining a reasonable "security perimeter" for a "Root CA System"
is a challenge and each CA might see it in a number of ways. Knowing
what we want to protect against can help CAs better define this
"security perimeter".

If we list specific threats and vulnerabilities, even obvious ones, then
we can try to map the current NSR controls to these risks and see if
they do a reasonable job in 2017. If they don't, we will try improving
or replacing existing controls or even adding new ones so that the "Root CA
System" is "reasonably" protected. As we all know, there is no 100%
security, but "reasonably" for a Root CA System should be pretty close to
that! We'll also try to talk about what threats we will
explicitly not try to defend against!

As a note from yesterday's meeting, this threat-model approach might end
up with different requirements to what CAs are currently being audited
against. This shouldn't work as a deterrent for improving the security
of these systems, and once this process matures, there will be adequate
time for CAs to adapt to the updated security requirements.

If anyone is interested in working with such an approach, please join
me, Neil Dunbar (TrustCor) and Tom Ritter (Mozilla) by sending me a
private e-mail. We will work independently and present our work to the
NetSec WG, so the same IPR policy applies.

If this approach improves the Network Security Requirements update
process, we might expand it to other concepts of the Network Security
Requirements like the "Certificate Issuing System", maybe introduce a
separate "Registration and Enrollment System", we'll see.

Best regards,
Dimitris.