[cabf_netsec] Voting Period Begins | Ballot NS-003: Restructure the NCSSRs

Dimitris Zacharopoulos (HARICA) dzacharo at harica.gr
Thu Apr 25 16:09:27 UTC 2024 

HARICA votes "yes" to ballot NS-003.

On 23/4/2024 6:59 μ.μ., Clint Wilson via Netsec wrote:
> Ballot NS-003 is proposed by Clint Wilson of Apple and endorsed by 
> Trevoli Ponds-White of Amazon and David Kluge of Google Trust Services.
>
> *Purpose of Ballot*
>
> This ballot proposes a comprehensive restructuring of the Network and 
> Certificate System Security Requirements (NCSSRs), excepting Section 
> 4. The current structure of the document has proven to be challenging 
> for creating ballots, contains duplicated requirements, and separates 
> similar requirements across the document. These issues have led to 
> inefficiencies in managing and implementing security standards. 
> Therefore, this proposal aims to streamline the document's structure, 
> eliminate redundancies, improve comprehensibility, and enhance clarity 
> and coherence.
>
> _Reasons for Proposal:_
>
>   * *Complexity in Ballot Creation*: The current document structure
>     can make it difficult to create and manage ballots efficiently,
>     leading to somewhat awkward updating processes, abandoned ballots,
>     and a lack of confidence that ballots effect the intended changes.
>   * *Redundancy*: Over time, some parts of the NCSSRs have touched on
>     the same topic, leading to some duplication across the document
>     and further to confusion and inconsistency in implementation.
>   * *Fragmentation*: Similar requirements for different parts of a
>     CA’s NCSSR-relevant infrastructure are scattered throughout the
>     document, making it somewhat more difficult for to locate and
>     comprehend a complete picture of these requirements effectively.
>   * *Minor Issues*: The document contains other, more minor issues
>     that also impede its usability and effectiveness, such as missing
>     definitions, unclear list structures, and requirements that are
>     more optional than they may currently appear.
>
>
> _Benefits of the Updated Document Structure:_
>
>   * *Enhanced Clarity*: The revised structure should improve the
>     clarity and coherence of the document, making the requirements it
>     represents easier to understand, as well as result in greater
>     consistency when implementing or assessing its security requirements.
>   * *Future Updates*: A more granular document structure should
>     improve the process of creating and managing ballots in the
>     future. Similarly, the improved proximity of related requirements
>     should hopefully aid in identifying the areas the NCSSRs can most
>     benefit from further attention.
>   * *Grouping and De-duplication of Similar Requirements*: By
>     consolidating duplicated requirements, the updated document should
>     make it much easier to find, comprehend, assess, and implement
>     related requirements.
>   * *Clearer Recommendations*: The updated document includes a number
>     of additional “SHOULD”-type stipulations, clarifying some of the
>     language in the current NCSSRs such that it’s easier to identify
>     where the NCSSRs impose a strict requirement as opposed to a
>     strong recommendation.
>
>
> Overall, this ballot proposal seeks to address existing challenges in 
> updating the current version of the NCSSRs and pave the way for future 
> improvements to the NCSSRs.
>
> *MOTION BEGINS*
>
> This ballot modifies the “Network and Certificate System Security 
> Requirements” as follows, based on version 1.7:
>
> https://github.com/cabforum/netsec/compare/c62a2f88e252de5c79b101fa3c9e9c536388639a...8bd66d27c07e30d1f4d9e6dd57b075bca499bf2e
>
> *MOTION ENDS*
>
> The procedure for approval of this ballot is as follows:
>
> *_Discussion Period_* (14+ days)
>
> Start Time: 2024-April-09 16:00 UTC
> End Time: 2024-April-23 15:59 UTC
>
> *_Voting Period_* (7 days)
>
> Start Time: 2024-April-23 16:00 UTC
> End Time: 2024-April-30 16:00 UTC
>
> _______________________________________________
> Netsec mailing list
> Netsec at cabforum.org
> https://lists.cabforum.org/mailman/listinfo/netsec
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/netsec/attachments/20240425/50bcea1e/attachment.html>

More information about the Netsec mailing list