[cabf_netsec] Definition of "CA Equipment" for BR sec. 5.1

Ben Wilson bwilson at mozilla.com
Thu May 28 22:21:07 MST 2020


As a follow-up to discussions today regarding the "zones" ballot and
putting physical security requirements into section 5.1 of the BRs, there
was a comment to one of the drafts[1] about "CA Equipment", since that term
is often used in section 5.1.  I doubt many CAs have defined the term in
their CPs or CPSes.  I'm also not sure whether it is defined in audit
criteria.

Here is a first stab at defining the term:

CA equipment:  servers (CA, database, CRL, OCSP, www, etc.), load
balancers, firewalls, routers, network appliances, security appliances, and
other hardware components used in the issuance and management of
certificates, but does not include hardware outside the physical security
boundary of the CA’s _____ such as CDNs, etc.

Thoughts or suggestions?

[1]
https://docs.google.com/document/d/1Zpae_ysYXc7mFLrRaIU5Z9AQ9WsuOHAPWvgTN2kTJ30/edit