[cabfpub] Send us you list of current problems with the Network Security Guidelines
Dean_Coclin at symantec.com
Fri Jun 9 21:09:11 UTC 2017
One specific complaint from the auditors I believe was the specific time requirements in the document. For example, if it said you have to change the password at 90 days, and you did it on day 91, it would be an audit failure. I think Don has better examples but that's one I recall.
Sent from my iPhone
On Jun 9, 2017, at 4:35 PM, Kirk Hall via Public <public at cabforum.org<mailto:public at cabforum.org>> wrote:
Bruce and I want to collect a preliminary list of current problems with the Network Security Guidelines (technically, the Network and Certificate System Security Requirements), so we can have a good discussion of possible new directions at the upcoming F2F.
To that end – please send Bruce and me a list of the specific requirements (and/or definitions) in the NetSec requirements that you think are most problematic and which should be changed or dropped. If possible, give us the following data for each problematic issue:
1. Section or definition of the NetSec Requirements that creates the problem
2. What is the problem?
3. What is a possible solution (drop, amend, supplement), with suggested language.
Bruce and I will combine all suggestions received and report anonymously to the whole group for a discussion in Berlin. That may give the new Working Group some useful guidance for its ongoing work after that.
Public mailing list
Public at cabforum.org<mailto:Public at cabforum.org>
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Public