[cabf_netsec] [EXTERNAL]Re: "Zones" Ballot Endorsers

Bruce Morton Bruce.Morton at entrustdatacard.com
Thu May 28 11:33:21 MST 2020

Hi Ben,

Thanks for all the work on this ballot. I am wondering if we should try to remove physical security and physical access requirements from the NetSec document. Physical Security requirements could be put into BR 5.1 in a section called Physical Security Controls.

For instance, item 1.c. states “Maintain Root CA Systems in a Physically Secure Environment and in an offline state or air-gapped from all other networks.” This could be changed so that 1.c. states “Maintain Root CA Systems in an offline state or air-gapped from all other networks” and BR 5.1 could state “Maintain CA Systems in a physically secure environment.”

It also seems that now that the old zone definitions have been combined and now Physically Secure Environment now covers both physical and logical environments. If we eliminate physical security, then we could just address logical security which could be better applied to the NetSec document.

In a future ballot, we might want to push some of the Trusted Role requirements into BR 5.2.

Thanks, Bruce.

From: Netsec <netsec-bounces at cabforum.org> On Behalf Of Neil Dunbar via Netsec
Sent: Tuesday, May 26, 2020 7:42 AM
To: netsec at cabforum.org
Subject: [EXTERNAL]Re: [cabf_netsec] "Zones" Ballot Endorsers

WARNING: This email originated outside of Entrust Datacard.
DO NOT CLICK links or attachments unless you trust the sender and know the content is safe.

I'm happy to endorse, Ben. Trev and David also said they would be good to endorse the ballot.

On 13/05/2020 20:58, Ben Wilson via Netsec wrote:
I can't remember whether there were people who volunteered to be endorsers of the "Zones" ballot.

See below:

Ballot and Explanation - https://docs.google.com/document/d/1Xlbg-0Hg1A3Px1Gj8XCQFSal5V_84hBjtVwohbXqiqM/edit?usp=sharing

Redlined version of NCSSRs - https://drive.google.com/file/d/1n6LPNN0WJY9Cdw5qOl2-fFzQxBiZtw-q/view?usp=sharing


Netsec mailing list

Netsec at cabforum.org<mailto:Netsec at cabforum.org>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cabforum.org/pipermail/netsec/attachments/20200528/1596fe3e/attachment.html>

More information about the Netsec mailing list