[Servercert-wg] Renumbering of the NetSec Requirements

Ryan Sleevi sleevi at google.com
Tue Jan 14 08:17:11 MST 2020

Thanks Ben!

This is super helpful for understanding where things are going and the
existing criteria, and really appreciated. I suppose some context that I'm
still missing is that it seems like the intent is to structure the document
in a "Principles and Criteria" format, which does seem like a somewhat
larger change than renumbering, and cuts to the heart of the design and
structure. I was hoping to understand a bit more of that background, and
was hoping it might have been discussed somewhere (so you don't have to
rehash it)

On Mon, Jan 13, 2020 at 7:07 PM Ben Wilson <benwilsonusa at gmail.com> wrote:

> I suppose that the new headings would be normative.  The "discussion
> notes" are found in the working document that reveals where this effort is
> headed - intended to eventually end up.  It is here -  NetSec-Reorg -
> https://docs.google.com/document/d/1iXOEdsoUcshtS3VZh2jJ-qvSWLGl-DUWMyNs0uZBheI/edit?usp=sharing
> On Mon, Jan 13, 2020 at 1:52 PM Ryan Sleevi <sleevi at google.com> wrote:
>> Removing the cross-post, so folks don't get mail bounces or only see half
>> the discussion, with replies inline.
>> On Mon, Jan 13, 2020 at 1:56 PM Ben Wilson via Servercert-wg <
>> servercert-wg at cabforum.org> wrote:
>>> In order to move forward with an overhaul of the Network and Certificate
>>> System Security Requirements, the Document Organization subgroup has
>>> determined it best to break up the transitions into discrete
>>> tasks/ballots.
>> Do you have a link to that discussion/minutes? Is there an overview? It's
>> useful to have a 'big picture' view to understand where things are proposed
>> for going, if only to help contextualize the smaller changes.
>> Attached is a pdf that shows the first step in a proposed
>>> restructuring/renumbering of the NetSet requirements -- strictly
>>> renumbering.
>> This doesn't seem  to be purely renumbering. For example, each of the
>> section headers were renamed with statements, which are unclear if they're
>> meant to be normative or informative, along with an orientation around
>> principles. That seems to harken back to WebTrust/ISO 21188's approach to
>> auditing, but it's unclear why this change. Is there more context for those
>> renamings? Is this part of a broader effort, and if so, do you have a
>> pointer to those past discussions?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cabforum.org/pipermail/servercert-wg/attachments/20200114/33c8f3a2/attachment.html>

More information about the Servercert-wg mailing list