[cabf_netsec] Draft Final Report of the NetSec WG

Dimitris Zacharopoulos jimmy at it.auth.gr
Fri Jun 15 06:37:55 MST 2018


+1 for both comments.


On 15/6/2018 3:53 PM, Tim Hollebeek via Netsec wrote:
>
> I think this is an excellent start, but I do have some comments.
>
> I think conclusion #1 is overly critical of the NSSRs.  While we 
> certainly did find some areas where there need to be significant 
> improvements, I think the consensus of the group was that the majority 
> of the content continues to be relevant and important, and they are 
> certainly much more useful than anything else that is out there that 
> could be adopted.
>
> Given that wholesale removal of the NSSRs was one of the options 
> contemplated in the charter, I think the report needs to make it very 
> clear that returning to the pre-DigiNotar situation where there are no 
> requirements at all in this area would be completely irresponsible.
>
> -Tim
>
> *From:* Netsec [mailto:netsec-bounces at cabforum.org] *On Behalf Of* Neil Dunbar via Netsec
> *Sent:* Thursday, June 14, 2018 10:42 AM
> *To:* CA/Browser Forum Network Security WG List <netsec at cabforum.org>
> *Subject:* [cabf_netsec] Draft Final Report of the NetSec WG
>
> Colleagues,
>
> Following on from the London discussion, I’ve prepared a skeleton 
> document to serve as the basis of the final report, which is attached 
> within. The key takeaways are:
>
>  1. The existing NetSec requirements stink
>  2. The other security standards don’t stink, but don’t really fit either
>  3. We should keep the NSSRs as the base document, but heavily update
>     them.
>  4. We should try to charter a new WG to continue to work on that
>     updating process, but continue as a subcommittee of the SCWG post
>     July 3, until this is done.
>
> What’s missing from the document (apart from common sense, clarity of 
> text and purpose)? The external standards which were considered, but 
> rejected as not a particularly good fit. The other members of the WG 
> will be able to fill in those details with better memory than I can. 
> Hopefully we can discuss this at the next meeting. I don’t think that 
> we need be exhaustive in picking out every fault. It’s enough to say 
> “Standard X was considered, but it doesn’t really speak to delegated 
> third party deployments”, or “doesn’t mention multi-party access”, 
> that sort of thing.
>
> Regards,
>
> Neil
