Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

NS-003: Restructure the NCSSRs #35

Merged
merged 2 commits into from
Jun 7, 2024
Merged

NS-003: Restructure the NCSSRs #35

merged 2 commits into from
Jun 7, 2024

Conversation

clintwilson
Copy link
Member

Purpose of Ballot

This ballot proposes a comprehensive restructuring of the Network and Certificate System Security Requirements (NCSSRs), excepting Section 4. The current structure of the document has proven to be challenging for creating ballots, contains duplicated requirements, and separates similar requirements across the document. These issues have led to inefficiencies in managing and implementing security standards. Therefore, this proposal aims to streamline the document's structure, eliminate redundancies, improve comprehensibility, and enhance clarity and coherence.

Reasons for Proposal:

  • Complexity in Ballot Creation: The current document structure can make it difficult to create and manage ballots efficiently, leading to somewhat awkward updating processes, abandoned ballots, and a lack of confidence that ballots effect the intended changes.
  • Redundancy: Over time, some parts of the NCSSRs have touched on the same topic, leading to some duplication across the document and further to confusion and inconsistency in implementation.
  • Fragmentation: Similar requirements for different parts of a CA’s NCSSR-relevant infrastructure are scattered throughout the document, making it somewhat more difficult for to locate and comprehend a complete picture of these requirements effectively.
  • Minor Issues: The document contains other, more minor issues that also impede its usability and effectiveness, such as missing definitions, unclear list structures, and requirements that are more optional than they may currently appear.

Benefits of the Updated Document Structure:

  • Enhanced Clarity: The revised structure should improve the clarity and coherence of the document, making the requirements it represents easier to understand, as well as result in greater consistency when implementing or assessing its security requirements.
  • Future Updates: A more granular document structure should improve the process of creating and managing ballots in the future. Similarly, the improved proximity of related requirements should hopefully aid in identifying the areas the NCSSRs can most benefit from further attention.
  • Grouping and De-duplication of Similar Requirements: By consolidating duplicated requirements, the updated document should make it much easier to find, comprehend, assess, and implement related requirements.
  • Clearer Recommendations: The updated document includes a number of additional “SHOULD”-type stipulations, clarifying some of the language in the current NCSSRs such that it’s easier to identify where the NCSSRs impose a strict requirement as opposed to a strong recommendation.

Overall, this ballot proposal seeks to address existing challenges in updating the current version of the NCSSRs and pave the way for future improvements to the NCSSRs.

clintwilson and others added 2 commits May 6, 2024 10:26
@clintwilson
NS-003: Restructure the NCSSRs (#33)
078a36c 
* Reorganize NSRs and add Section 5

* Rewrite 1st commit

Changes cover up to "Password-based Authentication", adding definitions, reordering sections and bullets, and rewriting a fair number of requirements.

* 2.2.2 through 3.2.3.2

Finished first pass of reorganization for sections 2.2.2 (previously 2.2 Password-based Authentication) through 3.2.3.2 (previously 3.2.3).
Lots of markdown comments added as I went, but I'm sure I missed some too.

* Remove in-line markdown comments

Removing all the in-line markdown comments after moving them to a document better suited to their discussion and use.
Minor textual/grammar fixes in a handful of places.

* Updates from Feedback

Feedback from Ben, J.C., and Wendy incorporated.

* Address issues #24 and #25

Add minor changes to Definitions and 1.1.1.1 to address these long-open issues.

* Incorporated Section 4

Added Section 4 as-is back in and updated document header with placeholder for ballot.

* Fix lists in Section 4

Fix copy/paste issue with lists' appearance in section 4.

* MFA and MPC from NSWG feedback

Based on feedback in the Jan 30, 2024 NSWG meeting, changed definitions for Multi-Factor Authentication, Multi-Party Control, and Secure Key Storage Device and corresponding document sections.

* Markdown fixes

Updates to ensure Markdown formatting is correct

* Update for Multi-Party Control

Fix scoping of 2.2.4

* Address feedback

* Address Tim H's feedback on the list related to 1.1.1.1 and 1.1.1.2
* Minor consistency improvements in 1.2 and 1.3

* Address Feedback

* Add Effective date of 2024-10-15, with explicit reference to versions that can be followed prior to that date.
* Address #31
* Nit from Wendy

* Incorporate Feedback

* Update TBR name
* Update Effective Date to November 12, 2024 (2024-11-12) based on NSWG discussion on April 9, 2024
* Add Document Date in header
Finalize NCSSR content post-IPR
341fe59 
Update the document date and Document History table based on completed IPR Review Period of NS-003
@clintwilson clintwilson added the documentation Improvements or additions to documentation label Jun 7, 2024
@clintwilson clintwilson self-assigned this Jun 7, 2024
@clintwilson clintwilson requested a review from a team as a code owner June 7, 2024 23:00
@BenWilson-Mozilla BenWilson-Mozilla self-requested a review June 7, 2024 23:29
BenWilson-Mozilla
BenWilson-Mozilla approved these changes Jun 7, 2024
View reviewed changes
Copy link
Contributor

@BenWilson-Mozilla BenWilson-Mozilla left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Approving

@BenWilson-Mozilla BenWilson-Mozilla self-requested a review June 7, 2024 23:31
@BenWilson-Mozilla BenWilson-Mozilla merged commit 7707907 into main Jun 7, 2024
2 checks passed
@clintwilson clintwilson added the ballot PR for ballots in the NSWG label Jun 7, 2024
@clintwilson clintwilson deleted the NS-003 branch June 26, 2024 14:24
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@BenWilson-Mozilla BenWilson-Mozilla Awaiting requested review from BenWilson-Mozilla

Assignees

@clintwilson clintwilson

Labels
ballot PR for ballots in the NSWG documentation Improvements or additions to documentation
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@clintwilson @BenWilson-Mozilla