Apple votes YES on Ballot NS-003. > On Apr 23, 2024, at 8:59 AM, Clint Wilson via Netsec <netsec@cabforum.org> > wrote: > > Ballot NS-003 is proposed by Clint Wilson of Apple and endorsed by Trevoli > Ponds-White of Amazon and David Kluge of Google Trust Services. > > Purpose of Ballot > > This ballot proposes a comprehensive restructuring of the Network and > Certificate System Security Requirements (NCSSRs), excepting Section 4. The > current structure of the document has proven to be challenging for creating > ballots, contains duplicated requirements, and separates similar requirements > across the document. These issues have led to inefficiencies in managing and > implementing security standards. Therefore, this proposal aims to streamline > the document's structure, eliminate redundancies, improve comprehensibility, > and enhance clarity and coherence. > > Reasons for Proposal: > > Complexity in Ballot Creation: The current document structure can make it > difficult to create and manage ballots efficiently, leading to somewhat > awkward updating processes, abandoned ballots, and a lack of confidence that > ballots effect the intended changes. > Redundancy: Over time, some parts of the NCSSRs have touched on the same > topic, leading to some duplication across the document and further to > confusion and inconsistency in implementation. > Fragmentation: Similar requirements for different parts of a CA’s > NCSSR-relevant infrastructure are scattered throughout the document, making > it somewhat more difficult for to locate and comprehend a complete picture of > these requirements effectively. > Minor Issues: The document contains other, more minor issues that also impede > its usability and effectiveness, such as missing definitions, unclear list > structures, and requirements that are more optional than they may currently > appear. > > Benefits of the Updated Document Structure: > > Enhanced Clarity: The revised structure should improve the clarity and > coherence of the document, making the requirements it represents easier to > understand, as well as result in greater consistency when implementing or > assessing its security requirements. > Future Updates: A more granular document structure should improve the process > of creating and managing ballots in the future. Similarly, the improved > proximity of related requirements should hopefully aid in identifying the > areas the NCSSRs can most benefit from further attention. > Grouping and De-duplication of Similar Requirements: By consolidating > duplicated requirements, the updated document should make it much easier to > find, comprehend, assess, and implement related requirements. > Clearer Recommendations: The updated document includes a number of additional > “SHOULD”-type stipulations, clarifying some of the language in the current > NCSSRs such that it’s easier to identify where the NCSSRs impose a strict > requirement as opposed to a strong recommendation. > > Overall, this ballot proposal seeks to address existing challenges in > updating the current version of the NCSSRs and pave the way for future > improvements to the NCSSRs. > > MOTION BEGINS > > This ballot modifies the “Network and Certificate System Security > Requirements” as follows, based on version 1.7: > > https://github.com/cabforum/netsec/compare/c62a2f88e252de5c79b101fa3c9e9c536388639a...8bd66d27c07e30d1f4d9e6dd57b075bca499bf2e > > MOTION ENDS > > The procedure for approval of this ballot is as follows: > > Discussion Period (14+ days) > > Start Time: 2024-April-09 16:00 UTC > End Time: 2024-April-23 15:59 UTC > > Voting Period (7 days) > > Start Time: 2024-April-23 16:00 UTC > End Time: 2024-April-30 16:00 UTC > _______________________________________________ > Netsec mailing list > Netsec@cabforum.org > https://lists.cabforum.org/mailman/listinfo/netsec
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ Netsec mailing list Netsec@cabforum.org https://lists.cabforum.org/mailman/listinfo/netsec
