NSR Clarification
52 views
Skip to first unread message
Qais Al Hajri
Apr 7, 2026, 3:27:08 PMApr 7
to net...@groups.cabforum.org
Hello,
I had two topics I wanted to discuss but we ran out of time:
-
In the definition of Certificate System, should the scope for data storage be limited to certificate issuance or certificate status? Or was it intentional to expand the scope and include all storage systems that store data related to all 9 activities outlined under Certificate Systems?
-
Network Boundary Controls have a more comprehensive definition in the NSR but does not include "routers" whereas 5.4.1.1 in TLS BR references firewalls and routers which are two kinds of network devices.
-
I think the TLS BR should be updated to include Network Boundary Control definition and update this section to reference this.
Thanks,
Qais Al Hajri
Trevoli Ponds-White
Apr 7, 2026, 5:16:10 PMApr 7
to NetSec WG - Public (CA/B Forum), Qais Al Hajri
I 100% agree that the TLS BRs should be updated to substitute the phrase Firewalls for Network Boundary Controls. I raised this during the update to that section but it was punted on. If you make a ballot for this Amazon Trust Services is happy to endorse.
For the first one are you referring to a specific ballot change? With the callout the definition of "certificate systems" has long been on the wish list of some of us to get rid of. For what it's worth I read the data requirement for this as the data that is pertinent to operate and offer the customer expected outcomes of those systems. Specifically where it overlaps with TLS BR 5.4.1.
Qais Al Hajri
Apr 8, 2026, 1:07:33 PMApr 8
to net...@groups.cabforum.org
|
From: 'Trevoli Ponds-White' via NetSec WG - Public (CA/B Forum) <net...@groups.cabforum.org>
Sent: Tuesday, 07 April 2026 21:16:09
To: NetSec WG - Public (CA/B Forum) <net...@groups.cabforum.org>
Cc: Qais Al Hajri <Qai...@microsoft.com>
Subject: [EXTERNAL] [netsec] Re: NSR Clarification
Sent: Tuesday, 07 April 2026 21:16:09
To: NetSec WG - Public (CA/B Forum) <net...@groups.cabforum.org>
Cc: Qais Al Hajri <Qai...@microsoft.com>
Subject: [EXTERNAL] [netsec] Re: NSR Clarification
--
You received this message because you are subscribed to the Google Groups "NetSec WG - Public (CA/B Forum)" group.
To unsubscribe from this group and stop receiving emails from it, send an email to netsec+un...@groups.cabforum.org.
To view this discussion visit https://groups.google.com/a/groups.cabforum.org/d/msgid/netsec/9ebe966b-4efe-49ef-ae76-7fee3fac920en%40groups.cabforum.org.
You received this message because you are subscribed to the Google Groups "NetSec WG - Public (CA/B Forum)" group.
To unsubscribe from this group and stop receiving emails from it, send an email to netsec+un...@groups.cabforum.org.
To view this discussion visit https://groups.google.com/a/groups.cabforum.org/d/msgid/netsec/9ebe966b-4efe-49ef-ae76-7fee3fac920en%40groups.cabforum.org.
Qais Al Hajri
Apr 8, 2026, 1:13:06 PMApr 8
to net...@groups.cabforum.org
Thanks, Trev. I'm referring to ballot NS-008. The scope of "storage systems" seems to have increased greatly with the addition of the word "store" in the "Certificate Systems" definition. This might be a good topic to have in the next sync.
Thanks,
Qais Al Hajri
From: 'Trevoli Ponds-White' via NetSec WG - Public (CA/B Forum) <net...@groups.cabforum.org>
Sent: Tuesday, April 7, 2026 2:16 PM
To: NetSec WG - Public (CA/B Forum) <net...@groups.cabforum.org>
Cc: Qais Al Hajri <Qai...@microsoft.com>
Subject: [EXTERNAL] [netsec] Re: NSR Clarification
--
Reply all
Reply to author
Forward
0 new messages