[cabf_netsec] Threat model for "Root CA System" is ready for discussion

Dimitris Zacharopoulos jimmy at it.auth.gr
Tue Feb 27 12:21:43 MST 2018


Following up on this topic, I created a short presentation for the F2F
to discuss the results of the Threat Analysis approach.

If anyone wants to suggest improvements, please do so either privately
or on this list.


Thank you,
Dimitris.

On 14/2/2018 7:29 PM, Dimitris Zacharopoulos via Netsec wrote:
> Dear NetSec WG members,
>
> The Network Security sub-group that worked towards a "Threat Analysis
> for a Root CA System" has completed its work. We examined threats and
> vulnerabilities in Root CA Management Systems and recommended
> compensating controls to minimize these risks.
>
> We also did a mapping to existing Network Security Requirements
> controls that describe similar compensating controls. Wherever we
> introduced new controls that do not exist in the current Network
> Security Requirements, we provided a recommendation for "SHOULD" or
> "MUST".
>
> You can find this work at the following spreadsheet:
>
>   * https://docs.google.com/spreadsheets/d/16kRPobK31Qb7L4ooq4SJE6K6OmfPOizdtV9M-m475WU
>
> This is not an exhaustive list of threats or vulnerabilities but
> enough to justify some existing Network Security Requirements and some
> critical risks. We recommend that members examine this spreadsheet and
> give us feedback about whether this "threat analysis" approach is
> useful (or not) and if it should be expanded to the online CA
> Management Systems as well (or not). We also welcome comments about
> specific items of the spreadsheet.
>
> We would like 15-20 minutes on tomorrow's call to present the results
> of our work.
>
> I would like to thank everyone who volunteered for this sub-group and
> provided their expert opinion. We will leave the sub-group calendar
> invitation and webex room open for possible future calls, but until we
> get some feedback from the larger group we consider our work complete
> at this point. We will also have the opportunity to expand more at the
> next face-to-face meeting.
>
>
> Thank you,
> Dimitris Zacharopoulos.
>
>

-------------- next part --------------
A non-text attachment was scrubbed...
Name: Root CA System Threat Analysis draft presentation.pptx
Type: application/vnd.openxmlformats-officedocument.presentationml.presentation
Size: 40998 bytes
Desc: not available
URL: <http://cabforum.org/pipermail/netsec/attachments/20180227/bfef09b8/attachment-0001.pptx>

