CA/Browser Forum posts
Posts by tag Network Security
Ballot NS-001: Adopt Network and Certificate System Security Requirements
February 8, 2022 by Ben WilsonThis email begins the discussion period for Ballot NS-001: Adopt Network and Certificate System Security Requirements. PURPOSE OF BALLOT The purpose of this ballot is for the Networking Security Working Group to formally adopt version 1.7 of the Network and Certificate System Security Requirements as currently published by the CA/Browser Forum. MOTION The following motion has been proposed by Clint Wilson of Apple and endorsed by Tim Hollebeek of DigiCert and Ben Wilson of Mozilla.
February 8, 2022 by Ben WilsonThis email begins the discussion period for Ballot NS-001: Adopt Network and Certificate System Security Requirements. PURPOSE OF BALLOT The purpose of this ballot is for the Networking Security Working Group to formally adopt version 1.7 of the Network and Certificate System Security Requirements as currently published by the CA/Browser Forum. MOTION The following motion has been proposed by Clint Wilson of Apple and endorsed by Tim Hollebeek of DigiCert and Ben Wilson of Mozilla.
2022-02-01 Minutes of the Network Security Working Group
February 1, 2022 by Clint WilsonClint Wilson leading the meeting. Request a volunteer for minutes. Dan Jeffery volunteers. Clint reads the antitrust statement Attendees: Adam Jones, Antti Backman, Ben Wilson, Brittany Randal, Christophe Bonjean, Clint Wilson, Corey Bonnell, Corey Rasmussen, Curt Spann, Daniel Jeffery, Daryn Wright, David Kluge, Dustin Hollenback, Israel Ventura, Jillian Karner, Kati Davids, Martjin Katerbarg, Niko Carpenter, Prachi Jain, Roman Fischer, Ruben Annemans, Thomas Connelly, Tim Crawford, Tobias Josefowitz, Tony Seymour, Trevoli Ponds-White
February 1, 2022 by Clint WilsonClint Wilson leading the meeting. Request a volunteer for minutes. Dan Jeffery volunteers. Clint reads the antitrust statement Attendees: Adam Jones, Antti Backman, Ben Wilson, Brittany Randal, Christophe Bonjean, Clint Wilson, Corey Bonnell, Corey Rasmussen, Curt Spann, Daniel Jeffery, Daryn Wright, David Kluge, Dustin Hollenback, Israel Ventura, Jillian Karner, Kati Davids, Martjin Katerbarg, Niko Carpenter, Prachi Jain, Roman Fischer, Ruben Annemans, Thomas Connelly, Tim Crawford, Tobias Josefowitz, Tony Seymour, Trevoli Ponds-White
2022-01-18 Minutes of the Network Security Working Group
January 18, 2022 by Ben WilsonThe following minutes were approved in the February 1, 2022 meeting of the NetSec WG. Net Sec WG – 1st Meeting – Jan. 18, 2022 Present: Ben Wilson – Mozilla, Don Sheehy – WebTrust, Dustin Ward – SSL.com, Martijn Katerbarg – Sectigo, Thomas Connelly – Federal PKI, Brittany Randall – GoDaddy, Clint Wilson – Apple, Kati Davids – GoDaddy, Samantha Frank – Let’s Encrypt, Corey Bonnell – DigiCert, Israel Ventura – Federal PKI, Tim Crawford – WebTrust, Wendy Brown – Federal PKI, Antti Backman – Telia, Jillian Karner – Let’s Encrypt, Prachi Jain – Fastly, Trevoli Ponds-White – Amazon Trust Services, Jozef Nigut – Disig, Christophe Bonjean – GlobalSign, Tobias Josefowitz – Opera, Daniel Jeffery – Fastly, Dustin Hollenback – Microsoft, Janet Hines – SecureTrust, Daryn Wright – GoDaddy, Miguel Sanchez – Google, Adam Jones – Microsoft, Rebecca Kelley – Apple, Tony Seymour – Comsign, Tim Hollebeek – DigiCert, Dean Coclin – DigiCert, Corey Rasmussen – OATI, Ruben Annemans – GlobalSign, Adam Jones – Microsoft, David Kluge – Google, Israel Ventura – Federal PKI
January 18, 2022 by Ben WilsonThe following minutes were approved in the February 1, 2022 meeting of the NetSec WG. Net Sec WG – 1st Meeting – Jan. 18, 2022 Present: Ben Wilson – Mozilla, Don Sheehy – WebTrust, Dustin Ward – SSL.com, Martijn Katerbarg – Sectigo, Thomas Connelly – Federal PKI, Brittany Randall – GoDaddy, Clint Wilson – Apple, Kati Davids – GoDaddy, Samantha Frank – Let’s Encrypt, Corey Bonnell – DigiCert, Israel Ventura – Federal PKI, Tim Crawford – WebTrust, Wendy Brown – Federal PKI, Antti Backman – Telia, Jillian Karner – Let’s Encrypt, Prachi Jain – Fastly, Trevoli Ponds-White – Amazon Trust Services, Jozef Nigut – Disig, Christophe Bonjean – GlobalSign, Tobias Josefowitz – Opera, Daniel Jeffery – Fastly, Dustin Hollenback – Microsoft, Janet Hines – SecureTrust, Daryn Wright – GoDaddy, Miguel Sanchez – Google, Adam Jones – Microsoft, Rebecca Kelley – Apple, Tony Seymour – Comsign, Tim Hollebeek – DigiCert, Dean Coclin – DigiCert, Corey Rasmussen – OATI, Ruben Annemans – GlobalSign, Adam Jones – Microsoft, David Kluge – Google, Israel Ventura – Federal PKI
Ballot Forum-17 – Creation of Network Security Working Group
December 28, 2021 by Ben WilsonThe voting on ballot FORUM-17 has completed, and the ballot has passed. Voting Results Certificate Issuers 22 votes total, with no abstentions: 22 Yes votes: Buypass, Certum (Asseco), D-TRUST, DigiCert, Disig, eMudhra, Entrust, E-TUGRA, GDCA, GlobalSign, GoDaddy, HARICA, JPRS, Let’s Encrypt/ISRG, MSC Trustgate, OISTE, SECOM, Sectigo, SSL.com, SwissSign, Telia Company, SecureTrust, 0 No Votes 0 Abstentions NOTE: A vote placed by GlobalTrust was not received on the public list and will not be counted.
December 28, 2021 by Ben WilsonThe voting on ballot FORUM-17 has completed, and the ballot has passed. Voting Results Certificate Issuers 22 votes total, with no abstentions: 22 Yes votes: Buypass, Certum (Asseco), D-TRUST, DigiCert, Disig, eMudhra, Entrust, E-TUGRA, GDCA, GlobalSign, GoDaddy, HARICA, JPRS, Let’s Encrypt/ISRG, MSC Trustgate, OISTE, SECOM, Sectigo, SSL.com, SwissSign, Telia Company, SecureTrust, 0 No Votes 0 Abstentions NOTE: A vote placed by GlobalTrust was not received on the public list and will not be counted.
Ballot SC40 – Security Requirements for Air-Gapped CA Systems
February 9, 2021 by Ben WilsonThis ballot was withdrawn and/or failed to go to a vote. This is a continuation of discussion on the air-gapped CA ballot. (As noted below, this formally continues the discussion for this ballot, as of 2021-02-08 17:00 UTC. This discussion period will continue until initiation of the Voting Period (TBD) unless extended or as otherwise determined, pursuant to the CA/Browser Forum Bylaws. I renumbered the sections - 5.1 for logical security and 5.
February 9, 2021 by Ben WilsonThis ballot was withdrawn and/or failed to go to a vote. This is a continuation of discussion on the air-gapped CA ballot. (As noted below, this formally continues the discussion for this ballot, as of 2021-02-08 17:00 UTC. This discussion period will continue until initiation of the Voting Period (TBD) unless extended or as otherwise determined, pursuant to the CA/Browser Forum Bylaws. I renumbered the sections - 5.1 for logical security and 5.
Ballot SC38: Alignment of Record Archival
December 16, 2020 by Ben WilsonThis ballot failed to go to a vote and failed pursuant to the Bylaws. This begins the discussion period for Ballot SC38: Alignment of Record Archival (which I circulated a little while ago). The following ballot is proposed by Neil Dunbar of TrustCor Systems and endorsed by David Kluge of Google Trust Services and Ben Wilson of Mozilla. Purpose of Ballot: After the updated language included in SC28 Sections 5.4.3 and 5.
December 16, 2020 by Ben WilsonThis ballot failed to go to a vote and failed pursuant to the Bylaws. This begins the discussion period for Ballot SC38: Alignment of Record Archival (which I circulated a little while ago). The following ballot is proposed by Neil Dunbar of TrustCor Systems and endorsed by David Kluge of Google Trust Services and Ben Wilson of Mozilla. Purpose of Ballot: After the updated language included in SC28 Sections 5.4.3 and 5.
Ballot SC32 – NCSSRs Zones
July 23, 2020 by Ben WilsonThis ballot failed pursuant to the Bylaws. This email begins the discussion period for Ballot SC32. Purpose of Ballot: To remove ambiguity and delineate requirements for physical security and logical security. The Network and Certificate System Security Requirements (NCSSRs) were drafted with the concept of physical and logical “Zones” (Secure Zones, High Security Zones, and everything else outside those zones). However, the approach did not clearly separate the physical security aspects from the logical security aspects.
July 23, 2020 by Ben WilsonThis ballot failed pursuant to the Bylaws. This email begins the discussion period for Ballot SC32. Purpose of Ballot: To remove ambiguity and delineate requirements for physical security and logical security. The Network and Certificate System Security Requirements (NCSSRs) were drafted with the concept of physical and logical “Zones” (Secure Zones, High Security Zones, and everything else outside those zones). However, the approach did not clearly separate the physical security aspects from the logical security aspects.
Ballot SC20: System Configuration Management
March 23, 2020 by Ben WilsonThis ballot failed. Purpose of Ballot Section 1(h) of the Network and Certification Systems Security Requirements provides that CAs shall: Review configurations of Issuing Systems, Certificate Management Systems, Security Support Systems, and Front-End / Internal-Support Systems on at least a weekly basis to determine whether any changes violated the CA’s security policies; In relation to this requirement the WebTrust/PKI Assurance Task Force found and recommended that: Section 1h requires a weekly review of system configurations (…).
March 23, 2020 by Ben WilsonThis ballot failed. Purpose of Ballot Section 1(h) of the Network and Certification Systems Security Requirements provides that CAs shall: Review configurations of Issuing Systems, Certificate Management Systems, Security Support Systems, and Front-End / Internal-Support Systems on at least a weekly basis to determine whether any changes violated the CA’s security policies; In relation to this requirement the WebTrust/PKI Assurance Task Force found and recommended that: Section 1h requires a weekly review of system configurations (…).
Ballot SC-10: Establishing the Network Security Subcommittee of the SCWG
October 4, 2018 by Jos PurvisThe voting period for Ballot SC10 has ended and the ballot has passed. Here are the results. Voting by CAs – 18 votes total including abstentions 18 Yes votes: Buypass, Camerfirma, CFCA, Chunghwa Telecom, D-TRUST, DigiCert, Disig, Entrust Datacard, Firmaprofesional, GDCA, GlobalSign, HARICA, QuoVadis, SSL.com, TWCA, TrustCor, Trustwave, Visa 0 No votes: 0 Abstain: 100% of voting CAs voted in favor Voting by browsers – 4 votes total including abstentions 4 Yes votes: Cisco, Microsoft, Mozilla, 360 0 No votes: 0 Abstain: 100% of voting browsers voted in favor
October 4, 2018 by Jos PurvisThe voting period for Ballot SC10 has ended and the ballot has passed. Here are the results. Voting by CAs – 18 votes total including abstentions 18 Yes votes: Buypass, Camerfirma, CFCA, Chunghwa Telecom, D-TRUST, DigiCert, Disig, Entrust Datacard, Firmaprofesional, GDCA, GlobalSign, HARICA, QuoVadis, SSL.com, TWCA, TrustCor, Trustwave, Visa 0 No votes: 0 Abstain: 100% of voting CAs voted in favor Voting by browsers – 4 votes total including abstentions 4 Yes votes: Cisco, Microsoft, Mozilla, 360 0 No votes: 0 Abstain: 100% of voting browsers voted in favor