HARICA votes "yes" to ballot NS-003.
On 23/4/2024 6:59 PM, Clint Wilson via Netsec wrote:
Ballot NS-003 is proposed by Clint Wilson of Apple and endorsed by
Trevoli Ponds-White of Amazon and David Kluge of Google Trust Services.
*Purpose of Ballot*
This ballot proposes a comprehensive restructuring of the Network and
Certificate System Security Requirements (NCSSRs), excepting Section
4. The current structure of the document has proven to be challenging
for creating ballots, contains duplicated requirements, and separates
similar requirements across the document. These issues have led to
inefficiencies in managing and implementing security standards.
Therefore, this proposal aims to streamline the document's structure,
eliminate redundancies, improve comprehensibility, and enhance clarity
and coherence.
_Reasons for Proposal:_
* *Complexity in Ballot Creation*: The current document structure
can make it difficult to create and manage ballots efficiently,
leading to somewhat awkward updating processes, abandoned ballots,
and a lack of confidence that ballots effect the intended changes.
* *Redundancy*: Over time, some parts of the NCSSRs have touched on
the same topic, leading to some duplication across the document
and further to confusion and inconsistency in implementation.
* *Fragmentation*: Similar requirements for different parts of a
CA’s NCSSR-relevant infrastructure are scattered throughout the
document, making it somewhat more difficult to locate and
comprehend a complete picture of these requirements effectively.
* *Minor Issues*: The document contains other, more minor issues
that also impede its usability and effectiveness, such as missing
definitions, unclear list structures, and requirements that are
more optional than they may currently appear.
_Benefits of the Updated Document Structure:_
* *Enhanced Clarity*: The revised structure should improve the
clarity and coherence of the document, making the requirements it
represents easier to understand, as well as result in greater
consistency when implementing or assessing its security requirements.
* *Future Updates*: A more granular document structure should
improve the process of creating and managing ballots in the
future. Similarly, the improved proximity of related requirements
should hopefully aid in identifying the areas the NCSSRs can most
benefit from further attention.
* *Grouping and De-duplication of Similar Requirements*: By
consolidating duplicated requirements, the updated document should
make it much easier to find, comprehend, assess, and implement
related requirements.
* *Clearer Recommendations*: The updated document includes a number
of additional “SHOULD”-type stipulations, clarifying some of the
language in the current NCSSRs such that it’s easier to identify
where the NCSSRs impose a strict requirement as opposed to a
strong recommendation.
Overall, this ballot proposal seeks to address existing challenges in
updating the current version of the NCSSRs and pave the way for future
improvements to the NCSSRs.
*MOTION BEGINS*
This ballot modifies the “Network and Certificate System Security
Requirements” as follows, based on version 1.7:
https://github.com/cabforum/netsec/compare/c62a2f88e252de5c79b101fa3c9e9c536388639a...8bd66d27c07e30d1f4d9e6dd57b075bca499bf2e
*MOTION ENDS*
The procedure for approval of this ballot is as follows:
*_Discussion Period_* (14+ days)
Start Time: 2024-April-09 16:00 UTC
End Time: 2024-April-23 15:59 UTC
*_Voting Period_* (7 days)
Start Time: 2024-April-23 16:00 UTC
End Time: 2024-April-30 16:00 UTC
_______________________________________________
Netsec mailing list
Netsec@cabforum.org
https://lists.cabforum.org/mailman/listinfo/netsec