[Servercert-wg] Ballot SC40: Security Requirements for Air-Gapped CA Systems

Ryan Sleevi sleevi at google.com
Wed Feb 3 20:51:11 UTC 2021


On Wed, Feb 3, 2021 at 3:46 PM Aaron Gable via Servercert-wg <
servercert-wg at cabforum.org> wrote:

> Thanks! Just one questions on specifics:
>
> > 5a. Review configurations of Air-Gapped CA Systems at least on an annual
> basis;
>
> Regular review of configuration of air-gapped systems seems good, but this
> sounds like it requires CAs to retrieve and turn on air-gapped systems
> which would otherwise be able to remain untouched. Is there another form of
> configuration review which does not require access to the system itself
> that is intended here?
>

How would you know they had indeed actually otherwise remained untouched?
:)
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/servercert-wg/attachments/20210203/fcca02ba/attachment-0001.html>


More information about the Servercert-wg mailing list