[cabfcert_policy] Review Framework for Next Tuesday
Ben Wilson
ben.wilson at digicert.com
Tue Feb 24 08:22:34 MST 2015
I just sent a pre-ballot to the public list. Let’s review and discuss.
From: i-barreira at izenpe.net [mailto:i-barreira at izenpe.net]
Sent: Tuesday, February 24, 2015 7:42 AM
To: Ben Wilson; policyreview at cabforum.org
Subject: RE: [cabfcert_policy] Review Framework for Next Tuesday
Ben,
In ETSI we´re thinking on dealing now with “converting” the upcoming EN into
a RFC 3647 doc compliant. It´s not decided yet and not even what kind of
approach and/or degree of development, but I´d prefer to stop now rather
than continuing and then modify everything again.
Regards
Iñigo Barreira
Responsable del Área técnica
<mailto:i-barreira at izenpe.net> i-barreira at izenpe.net
945067705
ERNE! Baliteke mezu honen zatiren bat edo mezu osoa legez babestuta egotea.
Mezua badu bere hartzailea. Okerreko helbidera heldu bada (helbidea gaizki
idatzi, transmisioak huts egin) eman abisu igorleari, korreo honi erantzuna.
KONTUZ!
ATENCION! Este mensaje contiene informacion privilegiada o confidencial a la
que solo tiene derecho a acceder el destinatario. Si usted lo recibe por
error le agradeceriamos que no hiciera uso de la informacion y que se
pusiese en contacto con el remitente.
De: Ben Wilson [mailto:ben.wilson at digicert.com]
Enviado el: martes, 03 de febrero de 2015 16:58
Para: Barreira Iglesias, Iñigo; policyreview at cabforum.org
<mailto:policyreview at cabforum.org>
Asunto: RE: [cabfcert_policy] Review Framework for Next Tuesday
Here are my conversion steps:
Save PDF as a Word Document.
Clip and paste text from there into a new document as generic text.
Clip and paste generic text to spreadsheet
Add sorting numbers 1, 2, 3, to new left column in Spreadsheet
Sort by Column B
Delete all blank rows
Sort by Column A
Re-place sorting numbers 1, 2, 3 to left column
Sort other columns and move text into text column, titles into title column,
and section numbers into section column. Clip and paste text from
spreadsheet to blank document to remove tab and line formatting and paste
back into single text cell.
Sort columns B, C and D and delete all blank rows
Sort by Column A
Re-place sorting numbers 1, 2, 3 to left column
Add final sorting number scheme and save.
From: i-barreira at izenpe.net <mailto:i-barreira at izenpe.net>
[mailto:i-barreira at izenpe.net] <mailto:[mailto:i-barreira at izenpe.net]>
Sent: Tuesday, February 3, 2015 8:48 AM
To: Ben Wilson; policyreview at cabforum.org <mailto:policyreview at cabforum.org>
Subject: RE: [cabfcert_policy] Review Framework for Next Tuesday
How can you be so quick? I took me more than an hour and you apparently did
it in 15 minutes.
Well, this is mine. I haven´t included all clauses like you, only those
relevant to the RFC 3647. Decide which you one prefer.
Regards
Iñigo Barreira
Responsable del Área técnica
<mailto:i-barreira at izenpe.net> i-barreira at izenpe.net
945067705
ERNE! Baliteke mezu honen zatiren bat edo mezu osoa legez babestuta egotea.
Mezua badu bere hartzailea. Okerreko helbidera heldu bada (helbidea gaizki
idatzi, transmisioak huts egin) eman abisu igorleari, korreo honi erantzuna.
KONTUZ!
ATENCION! Este mensaje contiene informacion privilegiada o confidencial a la
que solo tiene derecho a acceder el destinatario. Si usted lo recibe por
error le agradeceriamos que no hiciera uso de la informacion y que se
pusiese en contacto con el remitente.
De: Ben Wilson [mailto:ben.wilson at digicert.com]
Enviado el: martes, 03 de febrero de 2015 16:21
Para: Barreira Iglesias, Iñigo; policyreview at cabforum.org
<mailto:policyreview at cabforum.org>
Asunto: RE: [cabfcert_policy] Review Framework for Next Tuesday
Here is the new version of 319 401.
From: i-barreira at izenpe.net <mailto:i-barreira at izenpe.net>
[mailto:i-barreira at izenpe.net] <mailto:[mailto:i-barreira at izenpe.net]>
Sent: Tuesday, February 3, 2015 7:05 AM
To: Ben Wilson; policyreview at cabforum.org <mailto:policyreview at cabforum.org>
Subject: RE: [cabfcert_policy] Review Framework for Next Tuesday
Ben,
I´ll have to review the other 2 excel sheets because you were using old
versions so will need to update all these sorting keys. This will take some
time. Let´s see if I can finish those 2 by the end of the week and the CA
mapping criteria for next one
Regards
Iñigo Barreira
Responsable del Área técnica
<mailto:i-barreira at izenpe.net> i-barreira at izenpe.net
945067705
ERNE! Baliteke mezu honen zatiren bat edo mezu osoa legez babestuta egotea.
Mezua badu bere hartzailea. Okerreko helbidera heldu bada (helbidea gaizki
idatzi, transmisioak huts egin) eman abisu igorleari, korreo honi erantzuna.
KONTUZ!
ATENCION! Este mensaje contiene informacion privilegiada o confidencial a la
que solo tiene derecho a acceder el destinatario. Si usted lo recibe por
error le agradeceriamos que no hiciera uso de la informacion y que se
pusiese en contacto con el remitente.
De: Ben Wilson [mailto:ben.wilson at digicert.com]
Enviado el: lunes, 02 de febrero de 2015 18:27
Para: Barreira Iglesias, Iñigo; policyreview at cabforum.org
<mailto:policyreview at cabforum.org>
Asunto: RE: [cabfcert_policy] Review Framework for Next Tuesday
Iñigo,
Here is an edited version. I added more of the BR to RFC 3647 mapping to
this document from the sheet I circulated last week. I also added a primary
sort key (to use for controlling the sorting in future versions). The
column for the ETSI references is to the right of where you put them, so I
moved them over one column to the right. The ETSI Sort Key column is used
whenever needed to create a table that is mapped according to ETSI’s
numbering system. The column currently uses a combination of approaches
based on the ETSI document used (319 411-1, etc.). I emailed a table of
these to the group a couple of weeks ago. If your additions are based on a
new document, then I need to create a sort key that works with the other two
I have been using. Hopefully we can work toward achieving a single indexing
scheme. So, anyway, the next task that you or I could work on would be to
add these references and primary sort keys and delete the outdated (or
soon-to-be-outdated) ones that are there.
Thanks,
Ben
From: policyreview-bounces at cabforum.org
<mailto:policyreview-bounces at cabforum.org>
[mailto:policyreview-bounces at cabforum.org]
<mailto:[mailto:policyreview-bounces at cabforum.org]> On Behalf Of Ben Wilson
Sent: Monday, February 2, 2015 7:25 AM
To: i-barreira at izenpe.net <mailto:i-barreira at izenpe.net> ;
policyreview at cabforum.org <mailto:policyreview at cabforum.org>
Subject: Re: [cabfcert_policy] Review Framework for Next Tuesday
Thanks. I’ll take a look and edit this today and send it back to you.
From: i-barreira at izenpe.net <mailto:i-barreira at izenpe.net>
[mailto:i-barreira at izenpe.net]
Sent: Monday, February 2, 2015 6:24 AM
To: Ben Wilson; policyreview at cabforum.org <mailto:policyreview at cabforum.org>
Subject: RE: [cabfcert_policy] Review Framework for Next Tuesday
Hi Ben, all,
This is what I´ve been doing. Let me know if this is Ok for you so I can
continue (I don´t want to go ahead if is not worthy)
I´ve marked in yellow all the missing ETSI gaps and try to find in the 401
and 411-1 a clause that fits in. OTOH I´ve also marked in grey those ETSI
ones pointing to an “old” version of the document.
Regards
Iñigo Barreira
Responsable del Área técnica
<mailto:i-barreira at izenpe.net> i-barreira at izenpe.net
945067705
ERNE! Baliteke mezu honen zatiren bat edo mezu osoa legez babestuta egotea.
Mezua badu bere hartzailea. Okerreko helbidera heldu bada (helbidea gaizki
idatzi, transmisioak huts egin) eman abisu igorleari, korreo honi erantzuna.
KONTUZ!
ATENCION! Este mensaje contiene informacion privilegiada o confidencial a la
que solo tiene derecho a acceder el destinatario. Si usted lo recibe por
error le agradeceriamos que no hiciera uso de la informacion y que se
pusiese en contacto con el remitente.
De: Ben Wilson [mailto:ben.wilson at digicert.com]
Enviado el: viernes, 30 de enero de 2015 15:13
Para: Barreira Iglesias, Iñigo; policyreview at cabforum.org
<mailto:policyreview at cabforum.org>
Asunto: RE: [cabfcert_policy] Review Framework for Next Tuesday
Thanks. I’ll try and work on it some more. Here is a crosswalk mapping
table from the Baseline Requirements and Network/Certificate System Security
Requirements over to the RFC 3647 CP/CPS framework (as used by NIST’s IR
7924).
BR / NetSec
Title
NIST 7924
(RFC 3647)
Title
Preface Page
1.1
Overview
Notice to Readers
1.5
Policy administration
CA/B Forum Members
1.3
PKI Participants
Document History
1.2
Document Name and identification
Implementers' Note
8
Compliance Audit
Relevant Compliance Dates
1.2.2
Relevant Dates
1, 2
Scope, Purpose
1.1
Overview
3
References
1.6.3
References
4
Definitions
1.6.1
Definitions
5
Abbreviations and Acronyms
1.6.2
Abbreviations and Acronyms
6
Conventions
1.6.4
Conventions
7
Certificate Warranties and Representations
9.6
Representations and Warranties
8.1
Compliance
8, 9.16.3
Compliance Audit, Severability
8.2
Certificate Policies
2
Publication of Information
8.3
Commitment to Comply
2.1
Repositories
8.4
Trust Model
3.2.6
Criteria for Interoperation or Certification
9.1
Issuer Information
7.1.4.1
Name Forms: Issuer
9.2
Subject Information
7.1.4.2
Name Forms: Subject
9.3.1
Certificate Policy Identification
1.2
Document Name and identification
9.3.2-9.3.4
Root, Subordinate, and Subscriber Certificates
7.1.6
Certificate Policy Object Identifier
9.4
Validity Period
6.3.2
Certificate Operational Periods and Key Pair Usage Periods
9.4.2
SHA-1 Validity Period
7.1.3
Algorithm Object Identifiers
9.5
Public Key
6.1.3, 6.1.1.3
Public Key Delivery to Certificate Issuer, Subscriber Key Pair Generation
9.6
Certificate Serial Number
7.1
Certificate Profile
9.7
Technical Constraints in Subordinate CA Certificates via Name Constraints
and EKU
7.1.5
Name Constraints
9.8
Additional Technical Requirements
6, 7.1
Technical Security Controls or Certificate Profile, as appropriate
10
Certificate Application
4
Certificate Life-Cycle Requirements
10.1
Documentation Requirements
4.1.2
Enrollment Process and Responsibilities
10.2
Certificate Request
4.1 and 4.2
Certificate Applications
10.2.4
Subscriber Private Key
6.1.2
Private Key Delivery to Subscriber
10.2.5
Subordinate CA Private Key
6.2.4, 6.2.6
Private Key Backup, Private Key Transfer into or from a Cryptographic Module
10.3
Agreements/Terms of Use
9.6.3
Subscriber Representations and Warranties
11.1
Authorization by Domain Name Registrant
3.2.2
Authentication of Organization and Domain Identity
11.2.3
Authenticity of Certificate Request
3.2.5
Validation of Authority
11.2.4
Verification of Individual Applicant
3.2.3
Authentication of Individual Identity
11.2.5
Verification of Country
3.2.2.3
Verification of Country
11.3
Age of Certificate Data
3.3.1
Identification and Authentication For Routine Re-Key
11.4
Denied List
4.1.1
Who Can Submit a Certificate Application
11.5
High Risk Requests
4.2.1
Performing Identification and Authentication Functions
11.6
Data Source Accuracy
3.2.2.7
Data Source Accuracy
12
Certificate Issuance by a Root CA
4.3.1
CA Actions During Certificate Issuance
13.1.1
Revocation Request
3.4, 4.9.2
Identification and authentication for revocation request, Who Can Request
Revocation
13.1.2
Certificate Problem Reporting
4.9.3
Procedure for Revocation Request
13.1.3
Investigation
4.9.5, 2.3
Time Within Which CA Must Process the Revocation Request, Time or frequency
of publication
13.1.4
Response
4.10.2
Service Availability
13.1.5
Reasons for Revoking a Subscriber Certificate
4.9.1.1
Reasons for Revoking a Subscriber Certificate
13.1.6
Reasons for Revoking a Subordinate CA Certificate
4.9.1.1, 5.7.3.2
Reasons for Revoking a Subordinate CA Certificate, Intermediate or
Subordinate CA Compromise Procedures
13.2
Certificate Status Checking
2
Repositories, Publication of certification information
13.2.1
Mechanisms
4.9,
4.9.11
Other Forms of Revocation Advertisements Available, Certificate Revocation
and Suspension
13.2.2
Repository
1.3,
4.9.7,
4.10
Service Availability, Certificate Status Servers
13.2.3
Response Time
4.9.8
Maximum Latency for CRLs
13.2.4
Deletion of Entries
4.10.1
Operational Characteristics
13.2.5
OCSP Signing
4.9.9
On-line Revocation/Status Checking Available
13.2.6
Response for Non-Issued Certificates
4.9.10
On-line Revocation Checking Requirements
13.2.7
Certificate Suspension
4.9.13
Circumstances for Suspension
14.1
Trustworthiness and Competence
5.2
Procedural Controls
14.1.1
Identity and Background Verification
5.3.1
Qualifications, Experience, and Clearance Requirements
14.1.1
Identity and Background Verification
5.3.2
Background Check Procedures
14.1.2
Training and Skill Level
5.3.3, 5.3.4
Training Requirements and Retraining Frequency and Requirements
14.2
Delegation of Functions
1.3.2, 5.3.7
Registration Authorities, Independent Contractor Requirements
15
Data Records
2
Repositories, Publication of certification information
15.1
Documentation and Event Logging
5.4.1
Types of Events Recorded
15.2
Events and Actions
5.4.1
Types of Events Recorded (and Certificate renewal, re-key, modification, in
4.6-4.8, as appropriate)
15.3.1
Audit Log Retention
5.4.3, 5.5
Retention period for Audit Log, Records Archival
15.3.2
Documentation Retention
5.5.1, 5.5.2
Retention Period for Archive
16.1
Objectives, Security Plan, Business Continuity, System Security, Private Key
Protection
5
Facility, Management, and Operational Controls,
16.2
Risk Assessment
5, 5.4.8
Facility, Management, and Operational Controls, and Vulnerability
Assessments
16.3
Security Plan
5
Facility, Management, and Operational Controls,
16.4
Business Continuity
5.7.4
Business Continuity
16.5
System Security
5
Facility, Management, and Operational Controls,
16.6
Private Key Protection
6.2
Private Key Protection and Cryptographic Module Engineering
17
Audit
8.2
Frequency or Circumstances of Assessment
17.1
Eligible Audit Schemes
8.1
Topics Covered By Assessment
17.2
Audit Period
8.2
Frequency or Circumstances of Assessment
17.3
Audit Report
8.6
Communication of Results
17.4
Pre-Issuance Readiness Audit
8.2
Frequency or Circumstances of Assessment
17.5
Audit of Delegated Functions
8.1
Topics Covered By Assessment
17.6
Auditor Qualifications
8.3
Identity/Qualifications of Assessor
17.7
Key Generation Ceremony
6.1.1
Key Pair Generation
17.8
Regular Quality Assessment Self Audits
8.7
Self-Audits
17.9
Regular Quality Assessment of Technically Constrained Subordinate CAs
8.7
Self-Audits
18.1
Liability to Subscribers and Relying Parties
9.8
Limitations of Liability
18.2
Indemnification of Application Software Suppliers
9.9.1
Indemnities
18.3
Root CA Obligations
9.6.1
CA Representations and Warranties
Appendix A
Cryptographic Algorithm and Key Requirements (Normative)
6.1.5
Key Sizes
Appendix A (1)
Root CA Certificates
6.1.5
Key Sizes
Appendix A (2)
Subordinate CA Certificates
6.1.5
Key Sizes
Appendix A (3)
Subscriber Certificates
6.1.5
Key Sizes
Appendix A (4)
General Requirements for Public CAs
6.1.6
Public Key Parameters Generation and Quality Checking
Appendix B
Certificate Extensions (Normative)
6.1.7, 7.1.2
Key Usage Purposes, Certificate Extensions
Appendix B (1)
Root CA Certificate
7.1.2.1
Key Usage Purposes, Certificate Extensions
Appendix B (2)
Subordinate CA Certificate
7.1.2.2
Key Usage Purposes, Certificate Extensions
Appendix B (3)
Subscriber Certificate
7.1.2.3
Key Usage Purposes, Certificate Extensions
Appendix B (4)
All Certificates
7.7.2.4
Key Usage Purposes, Certificate Extensions
Appendix C
User Agent Verification (Normative)
2.2
Publication of Information
NetSec Intro
General Protections for the Network and Supporting Systems
5.1.2
Physical Access
NetSec Intro
Delegated Responsibilities
1.3.2, 5.3.7
Registration Authorities, Independent Contractor Requirements
NetSec 1.a-d
System Security
6.5.1.6
System Isolation and Partitioning
NetSec 1.a.
Segment Network
6.7.1
Isolation of Networked Systems
NetSec 1.b.
Zone Controls
6.7.2
Boundary Systems
NetSec 1.c.
High Security Zone
6.7.2.2
Special Access Zone Boundary
NetSec 1.d.
Security Zone
6.7.2.1
PKI Network Zones Overview
NetSec 1.e, 2.n.
Security Support Systems / Public Networks
6.7.3, 6.7.4
Availability, Communications Security
NetSec 1.f.
NetSec 1.g.
Security Zone
6.7.2.3
Restricted Zone Boundary, Operational Zone Boundary
NetSec 1.g.
NetSec 1.h.
3.a, 4.a
Access Management
6.6.2
Security Management Controls
NetSec. 1.i.
Administrative Access
5.2.1.1
Trusted Roles: CA Administrator
NetSec 2.a.
NetSec 2.b.
Trusted Roles
5.2.1
Trusted Roles
NetSec 2.a.
NetSec 2.k.
Trusted Role Appointment / Authentication
5.2.3
Identification and Authentication for Each Role
NetSec 2.b.
Trusted Roles
5.2.1, 5.2.4
Trusted Roles, Roles Requiring Separations of Duties
NetSec 2.c.
System Access
5.2.3
Identification and Authentication for Each Role
Net Sec. 2 d
Scope of Duties
5.3.6
Sanctions for Unauthorized Actions
NetSec 2.e.
Least Privilege
6.5.1.2
Least Privilege
NetSec 2.f.
Access Controls
5.2.3
Identification and Authentication for Each Role
NetSec 2.g.
NetSec 2.k.
Passwords
6.5.1.4
Authentication: Passwords and Accounts
NetSec 2.h.
NetSec 2.i.
Session Locks
6.5.1.3
Access Control Best Practices
NetSec 2.i.
NetSec 2.l.
Disable Inactive Accounts
6.5.1.1
Account Management
NetSec 2.i
Inactivity Time-Outs
6.7.4.3
Network Disconnect
NetSec 1.j.
NetSec 2.m
Multi-Factor Authentication
5.2.3
Identification and Authentication for Each Role
NetSec 2.n
Multi-Factor Authentication
5.2.3
Identification and Authentication for Each Role
NetSec 2.o
Remote Administration
6.7.6
Remote Access/External Information Systems
NetSec 3.a.
Configuration Management
6.5.1.8
Software and Firmware Integrity
NetSec 3.a-c
6.7.5.2
Monitoring devices
Net Sec. 3.b.
Logging, Monitoring, Alerting
5.4
Audit logging procedures
NetSec 3.c.
Monitoring
6.7.5
Network Monitoring, Monitoring of Security Alerts, Advisories, and
Directives
Net Sec 3.d.
Net Sec 3.e.
Response to Alerts / Frequency of Processing Logs
5.4.2
Frequency of Processing Log
Net Sec 3.f.
Audit Log Retention
5.4.3
Retention Period for Audit Log
NetSec 4.a
System Security
6.5.1.7
Malicious Code Protection
Net Sec 4.b.
Vulnerabiltiy Remediation
5.7.1
Incident and Compromise
NetSec 1.l.
NetSec 4.b.
NetSec 4.c.
NetSec 4.f.
Vulnerability Detection Program / Security Patches
6.6.3
Life Cycle Security Controls
NetSec 4.d.
NetSec 4.e.
Penetration Testing
6.7.7
Penetration Testing
From: i-barreira at izenpe.net <mailto:i-barreira at izenpe.net>
[mailto:i-barreira at izenpe.net] <mailto:[mailto:i-barreira at izenpe.net]>
Sent: Friday, January 30, 2015 6:23 AM
To: Ben Wilson; policyreview at cabforum.org <mailto:policyreview at cabforum.org>
Subject: RE: [cabfcert_policy] Review Framework for Next Tuesday
Ben,
I´m trying to fill the gaps but I see that you´re using an old version, can
you confirm that you have used the latest ones we published?
Check this out: http://docbox.etsi.org/ESI/Open/Latest_Drafts/
I will take me some time to update. Hopefully sometime during next week I
will able to provide something.
Regards
Iñigo Barreira
Responsable del Área técnica
<mailto:i-barreira at izenpe.net> i-barreira at izenpe.net
945067705
ERNE! Baliteke mezu honen zatiren bat edo mezu osoa legez babestuta egotea.
Mezua badu bere hartzailea. Okerreko helbidera heldu bada (helbidea gaizki
idatzi, transmisioak huts egin) eman abisu igorleari, korreo honi erantzuna.
KONTUZ!
ATENCION! Este mensaje contiene informacion privilegiada o confidencial a la
que solo tiene derecho a acceder el destinatario. Si usted lo recibe por
error le agradeceriamos que no hiciera uso de la informacion y que se
pusiese en contacto con el remitente.
De: Ben Wilson [mailto:ben.wilson at digicert.com]
Enviado el: martes, 27 de enero de 2015 1:29
Para: Barreira Iglesias, Iñigo; policyreview at cabforum.org
<mailto:policyreview at cabforum.org>
Asunto: RE: [cabfcert_policy] Review Framework for Next Tuesday
I wasn’t able to fill in as much as I’d have liked to. Here is the raw
data. I’ll also prepare a comparison/mapping chart in Word/PDF for
everyone’s reference.
From: i-barreira at izenpe.net <mailto:i-barreira at izenpe.net>
[mailto:i-barreira at izenpe.net] <mailto:[mailto:i-barreira at izenpe.net]>
Sent: Monday, January 26, 2015 1:15 AM
To: Ben Wilson; policyreview at cabforum.org <mailto:policyreview at cabforum.org>
Subject: RE: [cabfcert_policy] Review Framework for Next Tuesday
Ben,
The ETSI EN 319 401 is a generic document for all type of TSPs but not all
TSPs issue certificates, for that, you can also have the EN 319 411-1 which
has some “answers” to those “empty” cells.
When you have your task ready I can complete with the 411.
Check this checklist. It´s not finished (the last tab with the comparison
with the CABF docs needs to be updated) but you can see where there´s a mix
of use of the 401 and 411.
Regards
Iñigo Barreira
Responsable del Área técnica
<mailto:i-barreira at izenpe.net> i-barreira at izenpe.net
945067705
ERNE! Baliteke mezu honen zatiren bat edo mezu osoa legez babestuta egotea.
Mezua badu bere hartzailea. Okerreko helbidera heldu bada (helbidea gaizki
idatzi, transmisioak huts egin) eman abisu igorleari, korreo honi erantzuna.
KONTUZ!
ATENCION! Este mensaje contiene informacion privilegiada o confidencial a la
que solo tiene derecho a acceder el destinatario. Si usted lo recibe por
error le agradeceriamos que no hiciera uso de la informacion y que se
pusiese en contacto con el remitente.
De: policyreview-bounces at cabforum.org
<mailto:policyreview-bounces at cabforum.org>
[mailto:policyreview-bounces at cabforum.org] En nombre de Ben Wilson
Enviado el: sábado, 24 de enero de 2015 17:13
Para: policyreview at cabforum.org <mailto:policyreview at cabforum.org>
Asunto: Re: [cabfcert_policy] Review Framework for Next Tuesday
I’m updating this document today, so if you’re reviewing it today or
tomorrow, let me know and I’ll send you a current version. Otherwise, I’ll
send everyone the updated version tomorrow afternoon, Mountain Time.
From: policyreview-bounces at cabforum.org
<mailto:policyreview-bounces at cabforum.org>
[mailto:policyreview-bounces at cabforum.org]
<mailto:[mailto:policyreview-bounces at cabforum.org]> On Behalf Of Ben Wilson
Sent: Friday, January 23, 2015 10:44 PM
To: policyreview at cabforum.org <mailto:policyreview at cabforum.org>
Subject: [cabfcert_policy] Review Framework for Next Tuesday
Here is the template that I’m using for next week. I still have to populate
NIST provisions into the cells on the left and more CABF Network Security
provisions into cells on the right. The basis for the ETSI provisions was
EN 319-401. I’ll see if I’ve missed anything for ETSI and pull those
provisions in. And, if I get time to put the WebTrust criteria into a
similar set of columns, I will.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://cabforum.org/pipermail/policyreview/attachments/20150224/d84d7a3e/attachment-0001.html
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: image/png
Size: 19121 bytes
Desc: not available
Url : https://cabforum.org/pipermail/policyreview/attachments/20150224/d84d7a3e/attachment-0001.png
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4954 bytes
Desc: not available
Url : https://cabforum.org/pipermail/policyreview/attachments/20150224/d84d7a3e/attachment-0001.bin
More information about the Policyreview
mailing list