[cabf_netsec] Voting Period Begins | Ballot NS-003: Restructure the NCSSRs

Inigo Barreira Inigo.Barreira at sectigo.com
Fri Apr 26 16:26:50 UTC 2024 

Sectigo votes yes

 

De: Netsec <netsec-bounces at cabforum.org> En nombre de Clint Wilson via
Netsec
Enviado el: martes, 23 de abril de 2024 17:59
Para: NetSec CA/BF <netsec at cabforum.org>
Asunto: [cabf_netsec] Voting Period Begins | Ballot NS-003: Restructure the
NCSSRs

 

CAUTION: This email originated from outside of the organization. Do not
click links or open attachments unless you recognize the sender and know the
content is safe.

 

Ballot NS-003 is proposed by Clint Wilson of Apple and endorsed by Trevoli
Ponds-White of Amazon and David Kluge of Google Trust Services.

 

Purpose of Ballot

 

This ballot proposes a comprehensive restructuring of the Network and
Certificate System Security Requirements (NCSSRs), excepting Section 4. The
current structure of the document has proven to be challenging for creating
ballots, contains duplicated requirements, and separates similar
requirements across the document. These issues have led to inefficiencies in
managing and implementing security standards. Therefore, this proposal aims
to streamline the document's structure, eliminate redundancies, improve
comprehensibility, and enhance clarity and coherence.

 

Reasons for Proposal:

 

*	Complexity in Ballot Creation: The current document structure can
make it difficult to create and manage ballots efficiently, leading to
somewhat awkward updating processes, abandoned ballots, and a lack of
confidence that ballots effect the intended changes.
*	Redundancy: Over time, some parts of the NCSSRs have touched on the
same topic, leading to some duplication across the document and further to
confusion and inconsistency in implementation.
*	Fragmentation: Similar requirements for different parts of a CA's
NCSSR-relevant infrastructure are scattered throughout the document, making
it somewhat more difficult for to locate and comprehend a complete picture
of these requirements effectively.
*	Minor Issues: The document contains other, more minor issues that
also impede its usability and effectiveness, such as missing definitions,
unclear list structures, and requirements that are more optional than they
may currently appear.

 

Benefits of the Updated Document Structure:

 

*	Enhanced Clarity: The revised structure should improve the clarity
and coherence of the document, making the requirements it represents easier
to understand, as well as result in greater consistency when implementing or
assessing its security requirements.
*	Future Updates: A more granular document structure should improve
the process of creating and managing ballots in the future. Similarly, the
improved proximity of related requirements should hopefully aid in
identifying the areas the NCSSRs can most benefit from further attention.
*	Grouping and De-duplication of Similar Requirements: By
consolidating duplicated requirements, the updated document should make it
much easier to find, comprehend, assess, and implement related requirements.
*	Clearer Recommendations: The updated document includes a number of
additional "SHOULD"-type stipulations, clarifying some of the language in
the current NCSSRs such that it's easier to identify where the NCSSRs impose
a strict requirement as opposed to a strong recommendation.

 

Overall, this ballot proposal seeks to address existing challenges in
updating the current version of the NCSSRs and pave the way for future
improvements to the NCSSRs.

 

MOTION BEGINS

 

This ballot modifies the "Network and Certificate System Security
Requirements" as follows, based on version 1.7:

 

https://github.com/cabforum/netsec/compare/c62a2f88e252de5c79b101fa3c9e9c536
388639a...8bd66d27c07e30d1f4d9e6dd57b075bca499bf2e

 

MOTION ENDS

 

The procedure for approval of this ballot is as follows:

 

Discussion Period (14+ days)

 

Start Time: 2024-April-09 16:00 UTC

End Time: 2024-April-23 15:59 UTC

 

Voting Period (7 days)

 

Start Time: 2024-April-23 16:00 UTC

End Time: 2024-April-30 16:00 UTC

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/netsec/attachments/20240426/ef27057d/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 6630 bytes
Desc: not available
URL: <http://lists.cabforum.org/pipermail/netsec/attachments/20240426/ef27057d/attachment-0001.p7s>

More information about the Netsec mailing list