[cabf_netsec] [cabfpub] Final report from the NetSec group

Ben Wilson ben.wilson at digicert.com
Fri Jun 22 08:49:59 MST 2018

Thanks,  Neil!


From: Public <public-bounces at cabforum.org> On Behalf Of Neil Dunbar via Public
Sent: Friday, June 22, 2018 1:24 AM
To: CA/Browser Forum Public Discussion List <public at cabforum.org>
Subject: [cabfpub] Final report from the NetSec group



Following on from the F2F discussions in London, where a report on the Network Security activity was sought, I’m attaching our final report.

The TL;DR is essentially:
 * We recognise that the NCSSRs are a bit outdated and don’t call out salient security features of today’s working environments
 * We looked at CIS and ISO27K as starting points to replace the NCSSRs but decided against such an approach
 * We don’t think that just dumping the NCSSRs and going forward with nothing is a good idea at all
 * We think that incremental changes to the NCSSRs, using a risk-assessment methodology probably represents the best way of bringing the requirements up to date in a way which forum members will be likely to find acceptable.

(Fellow NetSec members: if I’ve spoken out of turn in the above, feel free to correct me on-list)

Hope the document is useful in representing where our thoughts are. All feedback, commentary and general observations are most welcome.

Best regards,


Public mailing list
Public at cabforum.org <mailto:Public at cabforum.org> 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cabforum.org/pipermail/netsec/attachments/20180622/27ebdd55/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4934 bytes
Desc: not available
URL: <http://cabforum.org/pipermail/netsec/attachments/20180622/27ebdd55/attachment.p7s>

More information about the Netsec mailing list