Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

NS-003: Restructure the NCSSRs #33

Merged
merged 14 commits into from
May 6, 2024
Merged

NS-003: Restructure the NCSSRs #33

merged 14 commits into from
May 6, 2024

Conversation

clintwilson
Copy link
Member

Purpose of Ballot

This ballot proposes a comprehensive restructuring of the Network and Certificate System Security Requirements (NCSSRs), excepting Section 4. The current structure of the document has proven to be challenging for creating ballots, contains duplicated requirements, and separates similar requirements across the document. These issues have led to inefficiencies in managing and implementing security standards. Therefore, this proposal aims to streamline the document's structure, eliminate redundancies, improve comprehensibility, and enhance clarity and coherence.

Reasons for Proposal:

  • Complexity in Ballot Creation: The current document structure can make it difficult to create and manage ballots efficiently, leading to somewhat awkward updating processes, abandoned ballots, and a lack of confidence that ballots effect the intended changes.
  • Redundancy: Over time, some parts of the NCSSRs have touched on the same topic, leading to some duplication across the document and further to confusion and inconsistency in implementation.
  • Fragmentation: Similar requirements for different parts of a CA’s NCSSR-relevant infrastructure are scattered throughout the document, making it somewhat more difficult for to locate and comprehend a complete picture of these requirements effectively.
  • Minor Issues: The document contains other, more minor issues that also impede its usability and effectiveness, such as missing definitions, unclear list structures, and requirements that are more optional than they may currently appear.

Benefits of the Updated Document Structure:

  • Enhanced Clarity: The revised structure should improve the clarity and coherence of the document, making the requirements it represents easier to understand, as well as result in greater consistency when implementing or assessing its security requirements.
  • Future Updates: A more granular document structure should improve the process of creating and managing ballots in the future. Similarly, the improved proximity of related requirements should hopefully aid in identifying the areas the NCSSRs can most benefit from further attention.
  • Grouping and De-duplication of Similar Requirements: By consolidating duplicated requirements, the updated document should make it much easier to find, comprehend, assess, and implement related requirements.
  • Clearer Recommendations: The updated document includes a number of additional “SHOULD”-type stipulations, clarifying some of the language in the current NCSSRs such that it’s easier to identify where the NCSSRs impose a strict requirement as opposed to a strong recommendation.

Overall, this ballot proposal seeks to address existing challenges in updating the current version of the NCSSRs and pave the way for future improvements to the NCSSRs.

Clint Wilson added 13 commits June 8, 2023 13:15
Reorganize NSRs and add Section 5
114b5df
Rewrite 1st commit
93e5121 
Changes cover up to "Password-based Authentication", adding definitions, reordering sections and bullets, and rewriting a fair number of requirements.
2.2.2 through 3.2.3.2
8e39f04 
Finished first pass of reorganization for sections 2.2.2 (previously 2.2 Password-based Authentication) through 3.2.3.2 (previously 3.2.3).
Lots of markdown comments added as I went, but I'm sure I missed some too.
Remove in-line markdown comments
0d34f4a 
Removing all the in-line markdown comments after moving them to a document better suited to their discussion and use.
Minor textual/grammar fixes in a handful of places.
Updates from Feedback
c16c548 
Feedback from Ben, J.C., and Wendy incorporated.
Address issues #24 and #25
d120779 
Add minor changes to Definitions and 1.1.1.1 to address these long-open issues.
Incorporated Section 4
e217fdc 
Added Section 4 as-is back in and updated document header with placeholder for ballot.
Fix lists in Section 4
9399da1 
Fix copy/paste issue with lists' appearance in section 4.
MFA and MPC from NSWG feedback
8706d87 
Based on feedback in the Jan 30, 2024 NSWG meeting, changed definitions for Multi-Factor Authentication, Multi-Party Control, and Secure Key Storage Device and corresponding document sections.
Markdown fixes
25f4700 
Updates to ensure Markdown formatting is correct
Update for Multi-Party Control
f25ec6d 
Fix scoping of 2.2.4
Address feedback
a256f31 
* Address Tim H's feedback on the list related to 1.1.1.1 and 1.1.1.2
* Minor consistency improvements in 1.2 and 1.3
Address Feedback
251ac72 
* Add Effective date of 2024-10-15, with explicit reference to versions that can be followed prior to that date.
* Address #31
* Nit from Wendy
@clintwilson clintwilson requested a review from a team as a code owner April 9, 2024 01:25
Incorporate Feedback
8bd66d2 
* Update TBR name
* Update Effective Date to November 12, 2024 (2024-11-12) based on NSWG discussion on April 9, 2024
* Add Document Date in header
@clintwilson clintwilson changed the base branch from main to NS-003 May 6, 2024 17:24
@clintwilson clintwilson merged commit 078a36c into NS-003 May 6, 2024
2 checks passed
This was referenced Jun 4, 2024
Closed
Closed
Closed
Closed
Closed
Closed
Closed
Closed
Closed
@clintwilson clintwilson deleted the offline-hsms branch June 26, 2024 14:24
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@clintwilson