[cabf_netsec] Voting Period Begins | Ballot NS-003: Restructure the NCSSRs

Ben Wilson bwilson at mozilla.com
Tue Apr 23 19:51:38 UTC 2024 

Mozilla votes "yes" on this ballot.

On Tue, Apr 23, 2024, 5:59 PM Clint Wilson via Netsec <netsec at cabforum.org>
wrote:

> Ballot NS-003 is proposed by Clint Wilson of Apple and endorsed by Trevoli
> Ponds-White of Amazon and David Kluge of Google Trust Services.
>
> *Purpose of Ballot*
>
> This ballot proposes a comprehensive restructuring of the Network and
> Certificate System Security Requirements (NCSSRs), excepting Section 4. The
> current structure of the document has proven to be challenging for creating
> ballots, contains duplicated requirements, and separates similar
> requirements across the document. These issues have led to inefficiencies
> in managing and implementing security standards. Therefore, this proposal
> aims to streamline the document's structure, eliminate redundancies,
> improve comprehensibility, and enhance clarity and coherence.
>
> *Reasons for Proposal:*
>
>
>    - *Complexity in Ballot Creation*: The current document structure can
>    make it difficult to create and manage ballots efficiently, leading to
>    somewhat awkward updating processes, abandoned ballots, and a lack of
>    confidence that ballots effect the intended changes.
>    - *Redundancy*: Over time, some parts of the NCSSRs have touched on
>    the same topic, leading to some duplication across the document and further
>    to confusion and inconsistency in implementation.
>    - *Fragmentation*: Similar requirements for different parts of a CA’s
>    NCSSR-relevant infrastructure are scattered throughout the document, making
>    it somewhat more difficult for to locate and comprehend a complete picture
>    of these requirements effectively.
>    - *Minor Issues*: The document contains other, more minor issues that
>    also impede its usability and effectiveness, such as missing definitions,
>    unclear list structures, and requirements that are more optional than they
>    may currently appear.
>
>
> *Benefits of the Updated Document Structure:*
>
>
>    - *Enhanced Clarity*: The revised structure should improve the clarity
>    and coherence of the document, making the requirements it represents easier
>    to understand, as well as result in greater consistency when implementing
>    or assessing its security requirements.
>    - *Future Updates*: A more granular document structure should improve
>    the process of creating and managing ballots in the future. Similarly, the
>    improved proximity of related requirements should hopefully aid in
>    identifying the areas the NCSSRs can most benefit from further attention.
>    - *Grouping and De-duplication of Similar Requirements*: By
>    consolidating duplicated requirements, the updated document should make it
>    much easier to find, comprehend, assess, and implement related requirements.
>    - *Clearer Recommendations*: The updated document includes a number of
>    additional “SHOULD”-type stipulations, clarifying some of the language in
>    the current NCSSRs such that it’s easier to identify where the NCSSRs
>    impose a strict requirement as opposed to a strong recommendation.
>
>
> Overall, this ballot proposal seeks to address existing challenges in
> updating the current version of the NCSSRs and pave the way for future
> improvements to the NCSSRs.
>
> *MOTION BEGINS*
>
> This ballot modifies the “Network and Certificate System Security
> Requirements” as follows, based on version 1.7:
>
>
> https://github.com/cabforum/netsec/compare/c62a2f88e252de5c79b101fa3c9e9c536388639a...8bd66d27c07e30d1f4d9e6dd57b075bca499bf2e
>
> *MOTION ENDS*
>
> The procedure for approval of this ballot is as follows:
>
> *Discussion Period* (14+ days)
>
> Start Time: 2024-April-09 16:00 UTC
> End Time: 2024-April-23 15:59 UTC
>
> *Voting Period* (7 days)
>
> Start Time: 2024-April-23 16:00 UTC
> End Time: 2024-April-30 16:00 UTC
> _______________________________________________
> Netsec mailing list
> Netsec at cabforum.org
> https://lists.cabforum.org/mailman/listinfo/netsec
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/netsec/attachments/20240423/e31f5140/attachment-0001.html>

More information about the Netsec mailing list