[cabfpub] Cert Policy Working Group activity

Dean Coclin Dean_Coclin at symantec.com
Thu Sep 10 20:48:37 UTC 2015

As many are aware the Cert Policy Working Group of the CA/B Forum has been
working to transition the Baseline Requirements from the current format to
RFC 3647 format. As part of this effort, which has taken quite a bit of
time, it made sense to pull in the Network Security Guidelines and merge
them into the 3647 document. 


Under the leadership of Ben Wilson, the working group is composed of a
variety of people that have expertise in policy (CP/CPS), network security
and CA operations. As part of this exercise, the group had the opportunity
to review other documents related to the various sections of the RFC that
showcase best practices such as the draft NIST IR, WebTrust, ETSI and
various vendor documentation. It became clear that adding best practices
from these various documents to the new work product will serve to improve
security for all CAs and the ecosystem as a whole. 


At our offsite meeting in Washington yesterday, the group made significant
progress in reviewing the various sections of 3647 and inserting (upgrading)
sections related to security areas (mostly operations). We still have a lot
of work to do but I just wanted to give folks an update and the opportunity
to express any concerns.


At this time, we are not merging the EV and BR documents but that is
something under discussion.


So to summarize:


.         BRs and Net Sec will be in 1 document formatted to RFC 3647

.         Areas not covered in BRs or NetSec (or inadequately covered) are
being added or "beefed up" using authoritative sources


Of course, once something is ready for review, the Working Group will
publish it to this list.





Dean Coclin

Chair CA/B Forum



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/public/attachments/20150910/b7dea129/attachment-0002.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 5747 bytes
Desc: not available
URL: <http://lists.cabforum.org/pipermail/public/attachments/20150910/b7dea129/attachment.p7s>

More information about the Public mailing list