Define "air-gapped" and "offline" #4

Open
BenWilson-Mozilla opened this issue Apr 1, 2022 · 4 comments

@BenWilson-Mozilla
Contributor

Adding definitions for "air-gapped" and "offline" will provide greater clarity (notes from 2017-08-10).

@BenWilson-Mozilla
Contributor Author

Notes from 2017-08-23: Focusing on "roots" doesn't make sense.
We looked at suggested potential language for offline and air-gapped Root CAs.
Peter suggested we discuss the difference between offline CA and root CA. We should be focused on offline CAs. Root CAs are an example of something that has to be offline, I don’t think we should limit our changes to just roots. Peter said that defining “root” would be hard, and it would be easier to say offline CAs must do “XYZ” and then it’s up to the CA operator or trust service provider to say these are my offline CAs and these are the other ones.
Etc., etc.

@BenWilson-Mozilla
Contributor Author

Air Gapped: Physically and logically connected, at the most, only to a single utility network (without physical connectivity to the internet) and connected to no other network. (requires physical presence or physical proximity).
[from Tobias Josefowitz to everyone:
Air Gapped: Physically and logically disconnected from all other networks, interaction of any kind requires physical presence in proximity. If the system is built of several components, network technology may be used to connect them as long as network equipment and all systems connected are themselves otherwise Air Gapped.]

Offline State: A Certificate System or component that is not available via any external connection (e.g. powered down or unplugged).

@BenWilson-Mozilla
Contributor Author

Root CA System: A system in an Offline-State or Air-Gapped used to create a Root Certificate or to generate, store, or sign with the Private Key associated with a Root Certificate.

@BenWilson-Mozilla
Contributor Author

This is mainly to differentiate NCSSR requirements for offline CAs that can't be audited the same as online CAs.
