-
Bug
-
Resolution: Done
-
Medium
-
Casablanca Release
-
None
-
VNFRQTS Sprint 7, VNFRQTS Sprint 9, VNFRQTS Sprint 10
Current Requirement: The VNF MUST, if not using the NCSP’s IDAM API, comply with “No Self-Signed Certificates” policy. Self-signed certificates must be used for encryption only, using specified and approved encryption protocols such as TLS 1.2 or higher or equivalent security protocols such as IPSec, AES.
Proposed Requirement: The VNF MUST support the use of X.509 certificates issued from any Certificate Authority (CA) that is compliant with RFC5280, e.g., a public CA such as DigiCert or Let's Encrypt, or an RFC5280 compliant Operator CA. Note: The VNF provider cannot require the use of self-signed certificates in an Operator's run time environment.
Reason: Requires the VNF to use certificates issued from the Operator's choice of RFC5280 Certificate authority
Current Section: General Requirements
Proposed Section: Cryptography
- relates to
-
VNFRQTS-435 Create new section of VNF Security Requirements
- Closed