[cabf_netsec] Invitation to Threat Modeling Discussion on Additional Network Security Controls

Ben Wilson bwilson at mozilla.com
Mon Aug 24 09:45:15 MST 2020

For the reasons outlined below, we need each CA to send someone
knowledgeable about network security to our next Threat Modeling subgroup
meeting, to be held on Thursday, Sept. 3rd, at 1:00 p.m. Eastern Daylight
Time (1700 UTC). Please send me and Mariusz the name of someone who can
attend and we'll send them an invite.

In recent meetings of the NetSec group and the Document Restructuring
subgroup we have discussed the "Zones" Ballot.  We have referred some
discussion to the Threat Modeling subgroup. Specifically, how do we handle
the replacement of NCSSR section 1.e., which currently reads, "Implement
and configure Security Support Systems that protect systems and
communications between systems inside Secure Zones and High Security Zones,
and communications with non-Certificate Systems outside those zones
(including those with organizational business units that do not provide
PKI-related services) and those on public networks"? The proposed
replacement ("Implement and configure Security Support Systems to secure
communications and protect Certificate Systems from attacks emanating from
non-trusted networks")has been criticized as too weak. Can we add
additional controls to address this issue?

1 - We have discussed authentication and encryption as preventative
measures, and continuous monitoring as a detective measure. (E.g. what is
meant by "fully authenticated", "end-to-end encryption", etc., and are
there standards that use similar language which might be helpful?)

2 - We hope to focus on cloud-based networking security controls and
similar situations where a common internal network needs to protect highly
sensitive CA processes.

3 - Aside from user authentication, I also have a concern about the
authentication/system access by non-user system accounts and system
processes. How do we protect them from being hijacked? Should this be part
of the discussion, too?

In sum, how can we modify section 1.e. so that it adequately protects
against network-based attacks?


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/netsec/attachments/20200824/a41e82d3/attachment.html>

More information about the Netsec mailing list