[cabf_netsec] SCXX: Offline CA Security Requirements

[Chander, Pavan]

Hi Ben,

I notice there aren’t any changes to 1.c in your diff. Just wanted to check if that was a purposeful omission?

Now that your proposed wording defines Offline CA Systems as air-gapped, perhaps requirement 1.c about Root CAs being in either “offline state OR air-gapped” should be updated to either say “offline AND air-gapped” or something similar to “Maintain Root CA Systems in a High Security Zone as an Offline CA System”?

Pavan

From: Netsec <netsec-bounces at cabforum.org> On Behalf Of Ben Wilson via Netsec
Sent: Monday, June 29, 2020 12:14 PM
To: CABF Network Security List <netsec at cabforum.org>
Subject: [EXT] [cabf_netsec] SCXX: Offline CA Security Requirements

The Document Structure subgroup (Tim Crawford, David Kluge, and myself) met this morning and finalized the following ballot.  We need a proposer and two endorsers:

https://github.com/cabforum/documents/compare/095fc4f7992dbd186503a4b0ec4e643ae4ea1624...BenWilson-Mozilla:99ea75f4ad19c58a7f9eb2829e63fb1678a838fa<https://secure-web.cisco.com/1xWwZd_cmeFl6Wo_6UnD9yndY-91SE2BLQMB66tkJxNbdveawFdMG_dr9LWTsW1fgDVwMiS_8LaIZXgfaqYETPEu3j6PnWGrwkWsRkIdgj_DM8YJ33XziwfwlLH3MN_Br9VDqnSD2GutwLZekzB4gEPisbmmUVHAwtA4Kvz6jBiEIvXdHsXVoS3l9ZfaQtby1FcOt1Qkl8fbZdZ5MXCLpoOCE7GzJElyWhF_c7_8uV6wR8UlGN7lpl93ubChysPb6etjUMF2ikThUPLxT7kHOs6JJPMjRhdOHt_zQJMVvnykLz5JPDe2bdo94McAJQ5hclWG7d10oiAtnM4y79R1r8w/https%3A%2F%2Fgithub.com%2Fcabforum%2Fdocuments%2Fcompare%2F095fc4f7992dbd186503a4b0ec4e643ae4ea1624...BenWilson-Mozilla%3A99ea75f4ad19c58a7f9eb2829e63fb1678a838fa>

Thanks,

Ben

Confidentiality Warning:

Deloitte refers to a Deloitte member firm, one of its related entities, or Deloitte Touche Tohmatsu Limited (“DTTL”). Each Deloitte member firm is a separate legal entity and a member of DTTL. DTTL does not provide services to clients. Please see www.deloitte.com/about<http://www.deloitte.com/about> to learn more.

This message and any attachments are intended only for the use of the intended recipient(s), are confidential, and may be privileged. If you are not the intended recipient, you are hereby notified that any review, retransmission, conversion to hard copy, copying, circulation or other use of this message and any attachments is strictly prohibited. If you are not the intended recipient, please notify the sender immediately by return e-mail, and delete this message and any attachments from your system. Thank You.

If you do not wish to receive future commercial electronic messages from Deloitte, forward this email to unsubscribe at deloitte.ca<mailto:unsubscribe at deloitte.ca>

Avertissement de confidentialité:

Deloitte désigne un cabinet membre de Deloitte, une de ses entités liées ou Deloitte Touche Tohmatsu Limited (DTTL). Chaque cabinet membre de Deloitte constitue une entité juridique distincte et est membre de DTTL. DTTL n’offre aucun service aux clients. Pour en apprendre davantage, voir www.deloitte.com/ca/apropos<http://www.deloitte.com/ca/apropos>.

Ce message, ainsi que toutes ses pièces jointes, est destiné exclusivement au(x) destinataire(s) prévu(s), est confidentiel et peut contenir des renseignements privilégiés. Si vous n’êtes pas le destinataire prévu de ce message, nous vous avisons par la présente que la modification, la retransmission, la conversion en format papier, la reproduction, la diffusion ou toute autre utilisation de ce message et de ses pièces jointes sont strictement interdites. Si vous n’êtes pas le destinataire prévu, veuillez en aviser immédiatement l’expéditeur en répondant à ce courriel et supprimez ce message et toutes ses pièces jointes de votre système. Merci.

Si vous ne voulez pas recevoir d’autres messages électroniques commerciaux de Deloitte à l’avenir, veuillez envoyer ce courriel à l’adresse unsubscribe at deloitte.ca<mailto:unsubscribe at deloitte.ca>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/netsec/attachments/20200629/94bdd577/attachment.html>