[cabf_netsec] Draft Final Report of the NetSec WG
Dimitris Zacharopoulos
jimmy at it.auth.gr
Fri Jun 15 06:37:55 MST 2018
+1 for both comments.
On 15/6/2018 3:53 PM, Tim Hollebeek via Netsec wrote:
>
> I think this is an excellent start, but I do have some comments.
>
> I think conclusion #1 is overly critical of the NSSRs. While we
> certainly did find some areas where there need to be significant
> improvements, I think the consensus of the group was that the majority
> of the content continues to be relevant and important, and they are
> certainly much more useful than anything else that is out there that
> could be adopted.
>
> Given that wholesale removal of the NSSRs was one of the options
> contemplated in the charter, I think the report needs to make it very
> clear that returning to the pre-DigiNotar situation where there are no
> requirements at all in this area would be completely irresponsible.
>
> -Tim
>
> *From:* Netsec [mailto:netsec-bounces at cabforum.org] *On Behalf Of*
> Neil Dunbar via Netsec
> *Sent:* Thursday, June 14, 2018 10:42 AM
> *To:* CA/Browser Forum Network Security WG List <netsec at cabforum.org>
> *Subject:* [cabf_netsec] Draft Final Report of the NetSec WG
>
> Colleagues,
>
> Following on from the London discussion, I’ve prepared a skeleton
> document to serve as the basis of the final report, which is attached
> within. The key takeaways are:
>
> 1. The existing NetSec requirements stink
> 2. The other security standards don’t stink, but don’t really fit either
> 3. We should keep the NSSRs as the base document, but heavily update
> them.
> 4. We should try to charter a new WG to continue to work on that
> updating process, but continue as a subcommittee of the SCWG post
> July 3, until this is done.
>
> What’s missing from the document (apart from common sense, clarity of
> text and purpose)? The external standards which were considered, but
> rejected as not a particularly good fit. The other members of the WG
> will be able to fill in those details with better memory than I can.
> Hopefully we can discuss this at the next meeting. I don’t think that
> we need be exhaustive in picking out every fault. It’s enough to say
> “Standard X was considered, but it doesn’t really speak to delegated
> third party deployments”, or “doesn’t mention multi-party access”,
> that sort of thing.
>
> Regards,
>
> Neil
>