[cabf_netsec] [EXTERNAL]- Definition of "Air Gapped"
Inigo.Barreira at sectigo.com
Tue Oct 18 07:42:57 UTC 2022
I support option C and clarify what Pedro is suggesting.
From: Netsec <netsec-bounces at cabforum.org> On behalf of Pedro FUENTES via
Sent: Saturday, 15 October 2022 8:40
To: Ben Wilson <bwilson at mozilla.com>; CABF Network Security WG
<netsec at cabforum.org>
Subject: Re: [cabf_netsec] [EXTERNAL]- Definition of "Air Gapped"
In principle I would say that extending the concept of lack of connectivity
to Electrical Connections would impose a big challenge, because even if
the systems are normally powered off and electrical cables are disconnected,
at the moment of powering up the systems (i.e. for a ceremony) we'd be
breaching that requirement.
On 15 Oct 2022, at 05:39, Ben Wilson via Netsec <netsec at cabforum.org> wrote:
Both https://csrc.nist.gov/glossary/term/air_gap and
https://www.rfc-editor.org/rfc/rfc4949 define "air gap" as "An interface
between two systems at which (a) they are not connected physically and (b)
any logical connection is not automated (i.e., data is transferred through
the interface only manually, under human control)."
But this definition seems antiquated and not entirely clear. For instance,
it doesn't address wireless connections, only physical connections. Also, I
believe that use of the word "interface" and other language in that
definition have the potential to cause confusion.
RFC 4949 does clarify the definition with a parenthetical and an example:
(See: sneaker net. Compare: gateway.)
Example: Computer A and computer B are on opposite sides of a room. To move
data from A to B, a person carries a disk across the room. If A and B
operate in different security domains, then moving data across the air gap
may involve an upgrade or downgrade operation.
One potential definition of "air-gapped" (Alternative A) could be
"separation between two devices or networks because they lack an electrical
or wireless connection, which prevents them from communicating except by
some external, manual, human interaction (e.g. computer A and computer B are
on opposite sides of a room, and to move data from A to B, a person must
carry a transfer device across the room)."
Alternative B could be: "the absence of connections (electrical, wireless,
or any other networking) that prevents a system from communicating with
another system and requires human intervention and a transfer device for
data to move between the two systems."
Alternative C would be to define "Air Gap", as above in the CSRC/RFC
definition, and add the words "or wirelessly", so that it would read "An
interface between two systems at which (a) they are not connected physically
or wirelessly and (b) any logical connection is not automated (i.e., data is
transferred through the interface only manually, under human control)."
Also, I'll raise it here, for completeness, but I'm thinking we do not want
to enlarge the scope of "air-gapped" to allow cryptographic, tunneled
connections. I'm inclined to keep our definition simple (and hence hopefully
more secure), but if anyone has other suggestions, please feel free to chime
Please provide Alternatives D to Z.
Finally, while I'm thinking about it, in the NCSSRs, do we want to consider
"powered off and locked in a safe" separately from "air gapped" - it seems
there might be a different risk profile?
Thanks in advance,
CSO - Trust Services Manager
Office: + 41 (0) 22 594 30 00
Mobile: + 41 (0) 791 274 790
Address: Avenue Louis-Casaï 58 | 1216 Cointrin | Switzerland