NS-006 passed

Ballot NS-006: Fix 1.2.2 encrypted connections scoping

Network Security Working Group

Key dates

Effective date: 12 Mar 2025 1 year ago
Voting opened: 06 Nov 2024 1 year ago
Voting closed: 13 Nov 2024 1 year ago
IPR review ends: 13 Dec 2024 1 year ago
Discussion opened: 29 Oct 2024 1 year ago
Discussion closed: 05 Nov 2024 1 year ago

Resources

⎇ GitHub diff https://github.com/cabforum/netsec/compare/7707907628ccebe6818fb6793d1c8a3aa38cf70d...danjeffery:netsec:a27ed77f1d09c3531f91936c1191843d000b0739 https://github.com/cabforum/netsec/compare/7707907628ccebe6818fb6793d1c8a3aa38cf70d...danjeffery:netsec:a27ed77f1d09c3531f91936c1191843d000b0739

± Redline https://cabforum.org/posts/2024/2024-12-16-NSWG-Ballot-NS-006/CA-Browser-Forum-NCSSR-2.0.3-redline.pdf https://cabforum.org/posts/2024/2024-12-16-NSWG-Ballot-NS-006/CA-Browser-Forum-NCSSR-2.0.3-redline.pdf

⤓ Document https://cabforum.org/posts/2024/2024-12-16-NSWG-Ballot-NS-006/CA-Browser-Forum-FG-NCSSR-2.0.3.pdf Ballot NS-006: Fix 1.2.2 encrypted connections scoping

⤓ Document https://cabforum.org/wp-content/uploads/Template-for-Exclusion-Notice.pdf https://cabforum.org/wp-content/uploads/Template-for-Exclusion-Notice.pdf

AI Summary

Generated 2026-06-23 21:26 UTC

Result and purpose

Ballot NS-006: Fix 1.2.2 encrypted connections scoping was proposed to refine changes in NS-005 based on feedback from the 2024-10 face to face meeting regarding TLS connections to and within CA infrastructure.
The ballot modifies Network and Certificate System Security Requirements (NCSSRs) version 2.0 (as referenced on the ballot page).

Key requirement changes described in the ballot materials

For connections inbound to the CA, allow exceptions for formal specifications that conflict.
For connections within the CA, change to SHOULD.

Effective date and applicability (from the provided draft text)

The requirements state:
- Prior to 2025-03-12, the CA SHALL adhere to these Requirements or Version 1.7 of the Network and Certificate System Security Requirements.
- Effective 2025-03-12, the CA SHALL adhere to these Requirements.
The draft text also states an effective-date basis tied to completion of a 30-day IPR review without filing any Exclusion Notices.

IPR review and voting outcome (from the ballot page)

The ballot page states the voting period has ended and the Ballot has Passed.
The ballot page lists voting results showing 100% Yes votes among Certificate Consumers and Certificate Issuers, and states bylaws requirements were MET and quorum was 7 for this ballot.

Model: gpt-5.4-nano Confidence: 0.86 Result: passed

Effective date: 2025-03-12
Voting opened: 2024-11-06
Voting closed: 2024-11-13
IPR review ends: 2024-12-13
Discussion opened: 2024-10-29
Discussion closed: 2024-11-05

Applicability and conditions

2025-03-12 — CAs must follow the transition rule before 2025-03-12 and then comply with the updated requirements starting on 2025-03-12. Prior to 2025-03-12, the CA SHALL adhere to these Requirements or Version 1.7 of the Network and Certificate System Security Requirements; Effective 2025-03-12, the CA SHALL adhere to these Requirements.

AI-generated from the CABF ballot page. The official CABF article remains the authoritative source.

Vote result

0 Yes

0 No

0 Abstain

Proposers

Daniel Jeffery of Fastly/Certainly and endorsed by Trevoli Ponds-White of Amazon and Clint Wilson of Apple.

Excerpt

SearchHome » All CA/Browser Forum Posts » Ballot NS-006: Fix 1.2.2 encrypted connections scopingBallot NS-006: Fix 1.2.2 encrypted connections scopingIPR Review of Ballot NS-006: Fix 1.2.2 encrypted connections scoping This Review Notice is sent pursuant to Section 4.1 of the CA/Browser Forum’s Intellectual Property Rights Policy (v1.3). This Review Period of 30 days is for one Final Maintenance Guidelines. The complete Draft Maintenance Guideline that is the subject of this Review Notice is:

View on cabforum.org → Last fetched 15 hours ago