[cabf_netsec] Voting Period Begins | Ballot NS-003: Restructure the NCSSRs

3 views
Skip to first unread message

Clint Wilson

unread,
Apr 23, 2024, 11:59:03 AMApr 23
to NetSec CA/BF
Ballot NS-003 is proposed by Clint Wilson of Apple and endorsed by Trevoli Ponds-White of Amazon and David Kluge of Google Trust Services.

Purpose of Ballot

This ballot proposes a comprehensive restructuring of the Network and Certificate System Security Requirements (NCSSRs), excepting Section 4. The current structure of the document has proven to be challenging for creating ballots, contains duplicated requirements, and separates similar requirements across the document. These issues have led to inefficiencies in managing and implementing security standards. Therefore, this proposal aims to streamline the document's structure, eliminate redundancies, improve comprehensibility, and enhance clarity and coherence.

Reasons for Proposal:

  • Complexity in Ballot Creation: The current document structure can make it difficult to create and manage ballots efficiently, leading to somewhat awkward updating processes, abandoned ballots, and a lack of confidence that ballots effect the intended changes.
  • Redundancy: Over time, some parts of the NCSSRs have touched on the same topic, leading to some duplication across the document and further to confusion and inconsistency in implementation.
  • Fragmentation: Similar requirements for different parts of a CA’s NCSSR-relevant infrastructure are scattered throughout the document, making it somewhat more difficult for to locate and comprehend a complete picture of these requirements effectively.
  • Minor Issues: The document contains other, more minor issues that also impede its usability and effectiveness, such as missing definitions, unclear list structures, and requirements that are more optional than they may currently appear.

Benefits of the Updated Document Structure:

  • Enhanced Clarity: The revised structure should improve the clarity and coherence of the document, making the requirements it represents easier to understand, as well as result in greater consistency when implementing or assessing its security requirements.
  • Future Updates: A more granular document structure should improve the process of creating and managing ballots in the future. Similarly, the improved proximity of related requirements should hopefully aid in identifying the areas the NCSSRs can most benefit from further attention.
  • Grouping and De-duplication of Similar Requirements: By consolidating duplicated requirements, the updated document should make it much easier to find, comprehend, assess, and implement related requirements.
  • Clearer Recommendations: The updated document includes a number of additional “SHOULD”-type stipulations, clarifying some of the language in the current NCSSRs such that it’s easier to identify where the NCSSRs impose a strict requirement as opposed to a strong recommendation.

Overall, this ballot proposal seeks to address existing challenges in updating the current version of the NCSSRs and pave the way for future improvements to the NCSSRs.

MOTION BEGINS

This ballot modifies the “Network and Certificate System Security Requirements” as follows, based on version 1.7:


MOTION ENDS

The procedure for approval of this ballot is as follows:

Discussion Period (14+ days)

Start Time: 2024-April-09 16:00 UTC
End Time: 2024-April-23 15:59 UTC

Voting Period (7 days)

Start Time: 2024-April-23 16:00 UTC
End Time: 2024-April-30 16:00 UTC

Ponds-White, Trev

unread,
Apr 23, 2024, 12:18:01 PMApr 23
to Clint Wilson, CABF Network Security WG

Amazon Trust Services votes yes

 

From: Netsec <netsec-...@cabforum.org> On Behalf Of Clint Wilson via Netsec
Sent: Tuesday, April 23, 2024 8:59 AM
To: NetSec CA/BF <net...@cabforum.org>
Subject: [EXTERNAL] [cabf_netsec] Voting Period Begins | Ballot NS-003: Restructure the NCSSRs

 

CAUTION: This email originated from outside of the organization. Do not click links or open attachments unless you can confirm the sender and know the content is safe.

Brittany Randall

unread,
Apr 23, 2024, 12:29:50 PMApr 23
to NetSec CA/BF, Clint Wilson
GoDaddy votes "Yes" on NS-003

Best,

Brittany

From: Netsec <netsec-...@cabforum.org> on behalf of Clint Wilson via Netsec <net...@cabforum.org>

Sent: Tuesday, April 23, 2024 8:59 AM
To: NetSec CA/BF <net...@cabforum.org>
Subject: [cabf_netsec] Voting Period Begins | Ballot NS-003: Restructure the NCSSRs
 
Caution: This email is from an external sender. Please do not click links or open attachments unless you recognize the sender and know the content is safe. Forward suspicious emails to isitbad@.

Ben Wilson

unread,
Apr 23, 2024, 3:51:38 PMApr 23
to Clint Wilson, CABF Network Security WG
Mozilla votes "yes" on this ballot.

_______________________________________________
Netsec mailing list
Net...@cabforum.org
https://lists.cabforum.org/mailman/listinfo/netsec

蔡家宏(chtsai)

unread,
Apr 23, 2024, 9:15:59 PMApr 23
to Clint Wilson, CABF Network Security WG

TWCA votes yes.

 

 

From: Netsec <netsec-...@cabforum.org> On Behalf Of Clint Wilson via Netsec
Sent: Tuesday, April 23, 2024 11:59 PM
To: NetSec CA/BF <net...@cabforum.org>
Subject: [cabf_netsec] Voting Period Begins | Ballot NS-003: Restructure the NCSSRs

 

Ballot NS-003 is proposed by Clint Wilson of Apple and endorsed by Trevoli Ponds-White of Amazon and David Kluge of Google Trust Services.

Tugba ÖZCAN (BILGEM KSM)

unread,
Apr 24, 2024, 7:25:30 AMApr 24
to Clint Wilson, CABF Network Security WG
Kamu SM votes "Yes" on Ballot NS-003

Tuğba ÖZCAN

Head Of e_signature Technologies Department

 

TÜBİTAK/BİLGEM/Kamu SM

Çamlıca Mahallesi 408. Cadde No: 136

C Blok 5. Kat Yenimahalle/Ankara

Dahili:8543 


tugba...@tubitak.gov.tr



Kimden: "Clint Wilson via Netsec" <net...@cabforum.org>
Kime: "NetSec CA/BF" <net...@cabforum.org>
Gönderilenler: 23 Nisan Salı 2024 18:59:16
Konu: [cabf_netsec] Voting Period Begins | Ballot NS-003: Restructure the        NCSSRs

Jozef Nigut

unread,
Apr 24, 2024, 8:54:28 AMApr 24
to Clint Wilson, CABF Network Security WG

Disig votes "Yes" on NS-003

 

Best regards,

 

Jozef Nigut

Disig, a.s.

 

From: Netsec <netsec-...@cabforum.org> On Behalf Of Clint Wilson via Netsec


Sent: Tuesday, April 23, 2024 5:59 PM
To: NetSec CA/BF <net...@cabforum.org>

Christophe Bonjean

unread,
Apr 25, 2024, 3:35:10 AMApr 25
to Clint Wilson, CABF Network Security WG

GlobalSign votes “Yes” on Ballot NS-003.

 

Christophe

Dimitris Zacharopoulos (HARICA)

unread,
Apr 25, 2024, 12:09:27 PMApr 25
to net...@cabforum.org
HARICA votes "yes" to ballot NS-003.

Inigo Barreira

unread,
Apr 26, 2024, 12:26:50 PMApr 26
to Clint Wilson, CABF Network Security WG

Sectigo votes yes

 

De: Netsec <netsec-...@cabforum.org> En nombre de Clint Wilson via Netsec
Enviado el: martes, 23 de abril de 2024 17:59
Para: NetSec CA/BF <net...@cabforum.org>
Asunto: [cabf_netsec] Voting Period Begins | Ballot NS-003: Restructure the NCSSRs

 

CAUTION: This email originated from outside of the organization. Do not click links or open attachments unless you recognize the sender and know the content is safe.

Clint Wilson

unread,
Apr 26, 2024, 5:12:23 PMApr 26
to Clint Wilson, NetSec CA/BF
Apple votes YES on Ballot NS-003.

Dustin Hollenback

unread,
Apr 28, 2024, 2:18:16 PMApr 28
to Clint Wilson, CABF Network Security WG

Microsoft Corporation votes YES on Ballot NS-003.

 

From: Netsec <netsec-...@cabforum.org> On Behalf Of Clint Wilson via Netsec


Sent: Tuesday, April 23, 2024 8:59 AM
To: NetSec CA/BF <net...@cabforum.org>

xiu...@gdca.com.cn

unread,
Apr 29, 2024, 2:13:17 AMApr 29
to clintw, Josh Aas via Netsec
GDCA votes YES on Ballot NS-003.
Thanks.

Michael Guenther

unread,
Apr 29, 2024, 5:25:17 AMApr 29
to Clint Wilson, CABF Network Security WG

SwissSign votes ‘yes’ on NS-003: Restructure of NCSSRs

 

Mike

Rollin.Yu

unread,
Apr 29, 2024, 9:03:21 AMApr 29
to Clint Wilson, CABF Network Security WG
TrustAsia votes YES on Ballot NS-003.

Best regards,
Rollin Yu



Tom Zermeno

unread,
Apr 29, 2024, 12:19:29 PMApr 29
to Clint Wilson, CABF Network Security WG

SSL.com votes “Yes” on ballot NS-003.

 

-Tom

SSL.com

 

From: Netsec <netsec-...@cabforum.org> On Behalf Of Clint Wilson via Netsec
Sent: Tuesday, April 23, 2024 10:59 AM
To: NetSec CA/BF <net...@cabforum.org>

Wayne Thayer

unread,
Apr 29, 2024, 12:27:28 PMApr 29
to CABF Network Security WG
Fastly votes Yes to ballot NS-003.

- Wayne


Andrea Holland

unread,
Apr 29, 2024, 2:54:03 PMApr 29
to CABF Network Security WG

VikingCloud votes Yes on NS-003.

 

Regards,

Andrea Holland

 

 

From: Netsec <netsec-...@cabforum.org> On Behalf Of Clint Wilson via Netsec
Sent: Tuesday, April 23, 2024 11:59 AM
To: NetSec CA/BF <net...@cabforum.org>
Subject: [cabf_netsec] Voting Period Begins | Ballot NS-003: Restructure the NCSSRs

 

Caution: This email originated from outside of the organization. Do not click links or open attachments unless you recognize the sender and know the content is safe.





Company Registration Details
VikingCloud is the registered business name of Sysxnet Limited. Sysxnet Limited is registered in Ireland under company registration number 147176 and its registered office is at 1st Floor, Block 71a, The Plaza, Park West Business Park, Dublin 12, Ireland.

Email Disclaimer
The information contained in this communication is intended solely for the use of the individual or entity to whom it is addressed and others authorized to receive it. It may contain confidential or legally privileged information. If you are not the intended recipient you are hereby notified that any disclosure, copying, distribution or taking any action in reliance on the contents of this information is strictly prohibited and may be unlawful. If you have received this communication in error, please notify us immediately by responding to this email and then delete it from your system. Sysxnet Limited is neither liable for the proper and complete transmission of the information contained in this communication nor for any delay in its receipt..

Ryan Dickson

unread,
Apr 29, 2024, 4:55:00 PMApr 29
to Clint Wilson, CABF Network Security WG
Google votes "Yes" on NS-003.

Mads Egil Henriksveen

unread,
Apr 30, 2024, 1:07:49 AMApr 30
to Clint Wilson, CABF Network Security WG

Buypass votes YES on Ballot NS-003.

 

Regards

Mads

 

From: Netsec <netsec-...@cabforum.org> On Behalf Of Clint Wilson via Netsec
Sent: Tuesday, April 23, 2024 5:59 PM
To: NetSec CA/BF <net...@cabforum.org>
Subject: [cabf_netsec] Voting Period Begins | Ballot NS-003: Restructure the NCSSRs

 

Ballot NS-003 is proposed by Clint Wilson of Apple and endorsed by Trevoli Ponds-White of Amazon and David Kluge of Google Trust Services.

Backman, Antti

unread,
Apr 30, 2024, 4:06:25 AMApr 30
to Clint Wilson, CABF Network Security WG

Telia Company votes ‘Yes’ on Ballot NS-003

 

//Antti

陳立群

unread,
Apr 30, 2024, 7:15:07 AMApr 30
to CABF Network Security WG, Clint Wilson

Chunghwa Telecom votes “Yes” on NS-003. Thanks.

 

 

 

Li-Chun Chen

                     Chunghwa Telecom

 

 

-----Original Message-----
From: Netsec <netsec-...@cabforum.org> On Behalf Of Ryan Dickson via Netsec
Sent: Tuesday, April 30, 2024 4:57 AM
To: Clint Wilson <cli...@apple.com>; CABF Network Security WG <net...@cabforum.org>
Subject: [
外部郵件]Re: [cabf_netsec] Voting Period Begins | Ballot NS-003: Restructure the NCSSRs

 

Google votes "Yes" on NS-003.

 

 

On Tue, Apr 23, 2024 at 11:59AM Clint Wilson via Netsec <net...@cabforum.org <mailto:net...@cabforum.org> > wrote:

 

 

        Ballot NS-003 is proposed by Clint Wilson of Apple and endorsed by Trevoli Ponds-White of Amazon and David Kluge of Google Trust Services.

 

        Purpose of Ballot

 

        This ballot proposes a comprehensive restructuring of the Network and Certificate System Security Requirements (NCSSRs), excepting Section 4. The current structure of the document has proven to be challenging for creating ballots, contains duplicated requirements, and separates similar requirements across the document. These issues have led to inefficiencies in managing and implementing security standards. Therefore, this proposal aims to streamline the document's structure, eliminate redundancies, improve comprehensibility, and enhance clarity and coherence.

 

        Reasons for Proposal:

 

 

        *      Complexity in Ballot Creation: The current document structure can make it difficult to create and manage ballots efficiently, leading to somewhat awkward updating processes, abandoned ballots, and a lack of confidence that ballots effect the intended changes.

        *      Redundancy: Over time, some parts of the NCSSRs have touched on the same topic, leading to some duplication across the document and further to confusion and inconsistency in implementation.

        *      Fragmentation: Similar requirements for different parts of a CAs NCSSR-relevant infrastructure are scattered throughout the document, making it somewhat more difficult for to locate and comprehend a complete picture of these requirements effectively.

        *      Minor Issues: The document contains other, more minor issues that also impede its usability and effectiveness, such as missing definitions, unclear list structures, and requirements that are more optional than they may currently appear.

 

 

        Benefits of the Updated Document Structure:

 

 

        *      Enhanced Clarity: The revised structure should improve the clarity and coherence of the document, making the requirements it represents easier to understand, as well as result in greater consistency when implementing or assessing its security requirements.

        *      Future Updates: A more granular document structure should improve the process of creating and managing ballots in the future. Similarly, the improved proximity of related requirements should hopefully aid in identifying the areas the NCSSRs can most benefit from further attention.

        *      Grouping and De-duplication of Similar Requirements: By consolidating duplicated requirements, the updated document should make it much easier to find, comprehend, assess, and implement related requirements.

        *      Clearer Recommendations: The updated document includes a number of additional SHOULD-type stipulations, clarifying some of the language in the current NCSSRs such that its easier to identify where the NCSSRs impose a strict requirement as opposed to a strong recommendation.

 

 

        Overall, this ballot proposal seeks to address existing challenges in updating the current version of the NCSSRs and pave the way for future improvements to the NCSSRs.

 

        MOTION BEGINS

 

        This ballot modifies the Network and Certificate System Security Requirements as follows, based on version 1.7:

 

 

        MOTION ENDS

 

        The procedure for approval of this ballot is as follows:

 

        Discussion Period (14+ days)

 

        Start Time: 2024-April-09 16:00 UTC

        End Time: 2024-April-23 15:59 UTC

 

        Voting Period (7 days)

 

        Start Time: 2024-April-23 16:00 UTC

        End Time: 2024-April-30 16:00 UTC

Reply all
Reply to author
Forward
0 new messages