[cabf_netsec] Notes from Today's NetSec Call

[Tim Hollebeek]

I think we need to get through the original issues identified when we
started this work before taking on new and larger work items.

 

We already agreed on previous calls that we weren't taking up new topics
until we finished the existing topics.  If people have ideas how to get the
existing topics addressed in a more efficient manner, I'm all ears.

 

It shouldn't be that hard.  The existing items were relatively small and
well-scoped.  The "completely rethink the NCSSRs via threat modeling" effort
is useful, but it should not be allowed to derail the important incremental
improvements that motivated the current work.

 

-Tim

 

From: Netsec [mailto:netsec-bounces at cabforum.org] On Behalf Of Ben Wilson
via Netsec
Sent: Thursday, April 26, 2018 10:25 PM
To: CA/Browser Forum Network Security WG List <netsec at cabforum.org>
Subject: [cabf_netsec] Notes from Today's NetSec Call

 

During today's call we reviewed the terminology we've been using and terms
defined in the NCSSRs.  We discussed the need for a better architectural
framework for CAs, an understanding of data flows, and the interconnectivity
among systems.  

 

We're still looking for a better model that we can follow.

 

Tobias noted that the way we're trying to update the NCSSRs is really
tedious.  We might want to consider making bigger steps, although changing
from the existing NCSSRs might be too disruptive.  Should we try decoupling
from the existing NCSSRs?  We need a model of how to operate a CA in a
secure fashion and then work from there.  

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cabforum.org/pipermail/netsec/attachments/20180427/8e7465df/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4940 bytes
Desc: not available
URL: <http://cabforum.org/pipermail/netsec/attachments/20180427/8e7465df/attachment.p7s>