[cabf_netsec] Draft Final Report of the NetSec WG

Neil Dunbar ndunbar at trustcorsystems.com
Fri Jun 15 06:44:02 MST 2018


Version 2, now with less acid on the existing NSSRs, and a little (but nowhere near enough, I think) more on the security standards proposed as replacements for the NSSRs. Some suggestions on more appropriate wording most definitely desired.

I’ve also included an explicit conclusion that we dislike (profoundly) the notion of going back to a no-guidance world.

Regards,

Neil




> On 15 Jun 2018, at 14:37, Dimitris Zacharopoulos via Netsec <netsec at cabforum.org> wrote:
> 
> +1 for both comments.
> 
> 
> On 15/6/2018 3:53 PM, Tim Hollebeek via Netsec wrote:
>> I think this is an excellent start, but I do have some comments.
>>  
>> I think conclusion #1 is overly critical of the NSSRs.  While we certainly did find some areas where there need to be significant improvements, I think the consensus of the group was that the majority of the content continues to be relevant and important, and they are certainly much more useful than anything else that is out there that could be adopted.
>>  
>> Given that wholesale removal of the NSSRs was one of the options contemplated in the charter, I think the report needs to make it very clear that returning to the pre-DigiNotar situation where there are no requirements at all in this area would be completely irresponsible.
>>  
>> -Tim
>>  
>> From: Netsec [mailto:netsec-bounces at cabforum.org] On Behalf Of Neil Dunbar via Netsec
>> Sent: Thursday, June 14, 2018 10:42 AM
>> To: CA/Browser Forum Network Security WG List <netsec at cabforum.org>
>> Subject: [cabf_netsec] Draft Final Report of the NetSec WG
>>  
>> Colleagues, 
>>  
>> Following on from the London discussion, I’ve prepared a skeleton document to serve as the basis of the final report, which is attached within. The key takeaways are:
>>  
>> - The existing NetSec requirements stink
>> - The other security standards don’t stink, but don’t really fit either
>> - We should keep the NSSRs as the base document, but heavily update them.
>> - We should try to charter a new WG to continue to work on that updating process, but continue as a subcommittee of the SCWG post July 3, until this is done.
>>  
>> What’s missing from the document (apart from common sense, clarity of text and purpose)? The external standards which were considered, but rejected as not a particularly good fit. The other members of the WG will be able to fill in those details with better memory than I can. Hopefully we can discuss this at the next meeting. I don’t think that we need be exhaustive in picking out every fault. It’s enough to say “Standard X was considered, but it doesn’t really speak to delegated third party deployments”, or “doesn’t mention multi-party access”, that sort of thing.
>>  
>> Regards,
>>  
>> Neil
>>  
>> 
>> 
>> _______________________________________________
>> Netsec mailing list
>> Netsec at cabforum.org
>> http://cabforum.org/mailman/listinfo/netsec
> 

-------------- next part --------------
A non-text attachment was scrubbed...
Name: Draft-NetSec-Report.docx
Type: application/vnd.openxmlformats-officedocument.wordprocessingml.document
Size: 133288 bytes
Desc: not available
URL: <http://cabforum.org/pipermail/netsec/attachments/20180615/9e71de9d/attachment-0001.docx>