Chunghwa Telecom votes “Yes” on NS-003. Thanks.
Li-Chun Chen
Chunghwa Telecom
-----Original Message-----
From: Netsec <netsec-boun...@cabforum.org> On Behalf Of Ryan Dickson via Netsec
Sent: Tuesday, April 30, 2024 4:57 AM
To: Clint Wilson <cli...@apple.com>; CABF Network Security WG
<netsec@cabforum.org>
Subject: [外部郵件]Re: [cabf_netsec] Voting Period Begins | Ballot NS-003:
Restructure the NCSSRs
Google votes "Yes" on NS-003.
On Tue, Apr 23, 2024 at 11:59 AM Clint Wilson via Netsec <
<mailto:netsec@cabforum.org%20%3cmailto:netsec@cabforum.org>
netsec@cabforum.org <mailto:netsec@cabforum.org> > wrote:
Ballot NS-003 is proposed by Clint Wilson of Apple and endorsed by
Trevoli Ponds-White of Amazon and David Kluge of Google Trust Services.
Purpose of Ballot
This ballot proposes a comprehensive restructuring of the Network and
Certificate System Security Requirements (NCSSRs), excepting Section 4. The
current structure of the document has proven to be challenging for creating
ballots, contains duplicated requirements, and separates similar requirements
across the document. These issues have led to inefficiencies in managing and
implementing security standards. Therefore, this proposal aims to streamline
the document's structure, eliminate redundancies, improve comprehensibility,
and enhance clarity and coherence.
Reasons for Proposal:
* Complexity in Ballot Creation: The current document structure
can make it difficult to create and manage ballots efficiently, leading to
somewhat awkward updating processes, abandoned ballots, and a lack of
confidence that ballots effect the intended changes.
* Redundancy: Over time, some parts of the NCSSRs have touched on
the same topic, leading to some duplication across the document and further to
confusion and inconsistency in implementation.
* Fragmentation: Similar requirements for different parts of a
CA’s NCSSR-relevant infrastructure are scattered throughout the document,
making it somewhat more difficult for to locate and comprehend a complete
picture of these requirements effectively.
* Minor Issues: The document contains other, more minor issues
that also impede its usability and effectiveness, such as missing definitions,
unclear list structures, and requirements that are more optional than they may
currently appear.
Benefits of the Updated Document Structure:
* Enhanced Clarity: The revised structure should improve the
clarity and coherence of the document, making the requirements it represents
easier to understand, as well as result in greater consistency when
implementing or assessing its security requirements.
* Future Updates: A more granular document structure should
improve the process of creating and managing ballots in the future. Similarly,
the improved proximity of related requirements should hopefully aid in
identifying the areas the NCSSRs can most benefit from further attention.
* Grouping and De-duplication of Similar Requirements: By
consolidating duplicated requirements, the updated document should make it much
easier to find, comprehend, assess, and implement related requirements.
* Clearer Recommendations: The updated document includes a number
of additional “SHOULD”-type stipulations, clarifying some of the language in
the current NCSSRs such that it’s easier to identify where the NCSSRs impose a
strict requirement as opposed to a strong recommendation.
Overall, this ballot proposal seeks to address existing challenges in
updating the current version of the NCSSRs and pave the way for future
improvements to the NCSSRs.
MOTION BEGINS
This ballot modifies the “Network and Certificate System Security
Requirements” as follows, based on version 1.7:
<https://github.com/cabforum/netsec/compare/c62a2f88e252de5c79b101fa3c9e9c536388639a...8bd66d27c07e30d1f4d9e6dd57b075bca499bf2e>
https://github.com/cabforum/netsec/compare/c62a2f88e252de5c79b101fa3c9e9c536388639a...8bd66d27c07e30d1f4d9e6dd57b075bca499bf2e
<
<https://apc01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fcabforum%2Fnetsec%2Fcompare%2Fc62a2f88e252de5c79b101fa3c9e9c536388639a...8bd66d27c07e30d1f4d9e6dd57b075bca499bf2e&data=05%7C02%7Crealsky%40cht.com.tw%7C4754871dbe2c47e10f1e08dc688eedb1%7C54eb9440cf0345fe835e61bd4ce515c8%7C0%7C0%7C638500210295474559%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=WKNbjApmzhUIxkfDf8AEhxjX2%2B2j%2FoB9UQMM0GdqrO4%3D&reserved=0>
https://apc01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fcabforum%2Fnetsec%2Fcompare%2Fc62a2f88e252de5c79b101fa3c9e9c536388639a...8bd66d27c07e30d1f4d9e6dd57b075bca499bf2e&data=05%7C02%7Crealsky%40cht.com.tw%7C4754871dbe2c47e10f1e08dc688eedb1%7C54eb9440cf0345fe835e61bd4ce515c8%7C0%7C0%7C638500210295474559%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=WKNbjApmzhUIxkfDf8AEhxjX2%2B2j%2FoB9UQMM0GdqrO4%3D&reserved=0>
MOTION ENDS
The procedure for approval of this ballot is as follows:
Discussion Period (14+ days)
Start Time: 2024-April-09 16:00 UTC
End Time: 2024-April-23 15:59 UTC
Voting Period (7 days)
Start Time: 2024-April-23 16:00 UTC
End Time: 2024-April-30 16:00 UTC
_______________________________________________
Netsec mailing list
<mailto:Netsec@cabforum.org> Netsec@cabforum.org <
<mailto:Netsec@cabforum.org> mailto:Netsec@cabforum.org>
<https://lists.cabforum.org/mailman/listinfo/netsec>
https://lists.cabforum.org/mailman/listinfo/netsec <
<https://apc01.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.cabforum.org%2Fmailman%2Flistinfo%2Fnetsec&data=05%7C02%7Crealsky%40cht.com.tw%7C4754871dbe2c47e10f1e08dc688eedb1%7C54eb9440cf0345fe835e61bd4ce515c8%7C0%7C0%7C638500210295483773%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=%2BObriwSsf7qyaOXSKMfM%2FMmUf7EPTnqWfgMPnqCuzzU%3D&reserved=0>
https://apc01.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.cabforum.org%2Fmailman%2Flistinfo%2Fnetsec&data=05%7C02%7Crealsky%40cht.com.tw%7C4754871dbe2c47e10f1e08dc688eedb1%7C54eb9440cf0345fe835e61bd4ce515c8%7C0%7C0%7C638500210295483773%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=%2BObriwSsf7qyaOXSKMfM%2FMmUf7EPTnqWfgMPnqCuzzU%3D&reserved=0>
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ Netsec mailing list Netsec@cabforum.org https://lists.cabforum.org/mailman/listinfo/netsec
