<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
<br>
<br>
<div class="moz-cite-prefix">On 26/8/2021 9:00 μ.μ., Bruce Morton
via Cscwg-public wrote:<br>
</div>
<blockquote type="cite"
cite="mid:0100017b839ebf4a-d0a57ef7-55d9-4170-8c12-4da9a3600788-000000@email.amazonses.com">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<meta name="Generator" content="Microsoft Word 15 (filtered
medium)">
<!--[if !mso]><style>v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style><![endif]-->
<style>@font-face
{font-family:Wingdings;
panose-1:5 0 0 0 0 0 0 0 0 0;}@font-face
{font-family:SimSun;
panose-1:2 1 6 0 3 1 1 1 1 1;}@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}@font-face
{font-family:DengXian;
panose-1:2 1 6 0 3 1 1 1 1 1;}@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}@font-face
{font-family:"\@DengXian";
panose-1:2 1 6 0 3 1 1 1 1 1;}@font-face
{font-family:"\@SimSun";
panose-1:2 1 6 0 3 1 1 1 1 1;}p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}a:link, span.MsoHyperlink
{mso-style-priority:99;
color:#0563C1;
text-decoration:underline;}p.MsoListParagraph, li.MsoListParagraph, div.MsoListParagraph
{mso-style-priority:34;
margin-top:0in;
margin-right:0in;
margin-bottom:0in;
margin-left:.5in;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}span.EmailStyle20
{mso-style-type:personal-reply;
font-family:"Calibri",sans-serif;
color:windowtext;}.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}div.WordSection1
{page:WordSection1;}ol
{margin-bottom:0in;}ul
{margin-bottom:0in;}</style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
<div class="WordSection1">
<p class="MsoNormal">Hi Ian,<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">I am wondering if we could change the text,
so we do not reference the SSL BRs. I’m saying this because:<o:p></o:p></p>
<ul style="margin-top:0in" type="disc">
<li class="MsoListParagraph"
style="margin-left:0in;mso-list:l1 level1 lfo3">CSBRs refer
to SSL BR version 1.6.9, which was updated per SC27<o:p></o:p></li>
<li class="MsoListParagraph"
style="margin-left:0in;mso-list:l1 level1 lfo3">CSBR section
15.2 would be easier to read<o:p></o:p></li>
<li class="MsoListParagraph"
style="margin-left:0in;mso-list:l1 level1 lfo3">CSBR section
15.2 would be independent of the SSL BRs, which goes in the
direction of our goal<o:p></o:p></li>
</ul>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Thanks, Bruce.</p>
</div>
</blockquote>
<br>
I agree with Bruce. We should try to incorporate text from the TLS
BRs that makes sense for the CS BRs as much as we can and avoid
references that have the risk of becoming broken or amended by the
SCWG.<br>
<br>
<br>
Thanks,<br>
Dimitris.<br>
<br>
<blockquote type="cite"
cite="mid:0100017b839ebf4a-d0a57ef7-55d9-4170-8c12-4da9a3600788-000000@email.amazonses.com">
<div class="WordSection1">
<p class="MsoNormal"><o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<div style="border:none;border-top:solid #E1E1E1
1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b>From:</b> Cscwg-public
<a class="moz-txt-link-rfc2396E" href="mailto:cscwg-public-bounces@cabforum.org"><cscwg-public-bounces@cabforum.org></a>
<b>On Behalf Of </b>Ian McMillan via Cscwg-public<br>
<b>Sent:</b> Thursday, August 26, 2021 12:29 PM<br>
<b>To:</b> <a class="moz-txt-link-abbreviated" href="mailto:cscwg-public@cabforum.org">cscwg-public@cabforum.org</a><br>
<b>Subject:</b> [EXTERNAL] [Cscwg-public] DISCUSS/ENDORSE:
Ballot CSC-11: Update to log data retention requirements<o:p></o:p></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><span
style="font-size:12.0pt;font-family:SimSun">WARNING: This
email originated outside of Entrust.<br>
DO NOT CLICK links or attachments unless you trust the
sender and know the content is safe.<o:p></o:p></span></p>
<div class="MsoNormal" style="text-align:center" align="center"><span
style="font-size:12.0pt;font-family:SimSun">
<hr width="100%" size="2" align="center">
</span></div>
<p class="MsoNormal">Hi Folks, <br>
<br>
I am looking for feedback and at least two endorsements on
this new ballot I am proposing. Please share your feedback and
if you are willing to endorse this ballot.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal" style="margin-left:.5in"><a
href="https://urldefense.com/v3/__https:/wiki.cabforum.org/cscwg/csc_11_-_update_to_log_data_retention_requirements__;!!FJ-Y8qCqXTj2!OxtP9iVwcvkR2NB3D6_-cStNUlZ0jiRsvQI7kzZGF3vX8NFDtimB6Te0-iBFuXDSLg0$"
moz-do-not-send="true">Ballot CSC-11: Update to log data
retention requirements</a><o:p></o:p></p>
<p class="MsoNormal" style="margin-left:.5in"><o:p> </o:p></p>
<p class="MsoNormal" style="margin-left:.5in">Purpose of this
ballot:<o:p></o:p></p>
<p class="MsoNormal" style="margin-left:.5in">Update the log
data and retention of log data requirements in the Baseline
Requirement for the Issuance and Management of
Publicly-Trusted Code Signing Certificates v2.5.<o:p></o:p></p>
<p class="MsoNormal" style="margin-left:.5in">The following
motion has been proposed by Ian McMillan of Microsoft, and I
am looking for endorsements from two other members of the
CSCWG.
<o:p></o:p></p>
<p class="MsoNormal" style="margin-left:.5in"><o:p> </o:p></p>
<p class="MsoNormal" style="margin-left:.5in">— MOTION BEGINS —<o:p></o:p></p>
<p class="MsoNormal" style="margin-left:.5in">This ballot
updates the “Baseline Requirements for the Issuance and
Management of Publicly‐Trusted Code Signing Certificates“
version 2.5 according to the attached redline which including<o:p></o:p></p>
<p class="MsoNormal" style="margin-left:.5in"><o:p> </o:p></p>
<p class="MsoListParagraph"
style="margin-left:1.0in;text-indent:-.25in;mso-list:l0 level1
lfo2">
<!--[if !supportLists]--><span style="mso-list:Ignore">-<span
style="font:7.0pt "Times New Roman"">
</span></span><!--[endif]-->Update section 15 “Data Records”
to include sub-section 15.1 “Timestamp Authority Data Records”<o:p></o:p></p>
<p class="MsoListParagraph"
style="margin-left:1.0in;text-indent:-.25in;mso-list:l0 level1
lfo2">
<!--[if !supportLists]--><span style="mso-list:Ignore">-<span
style="font:7.0pt "Times New Roman"">
</span></span><!--[endif]-->Update section 15.1 to clarify
4(f) for security event logging on Timestamp Authority servers<o:p></o:p></p>
<p class="MsoListParagraph"
style="margin-left:1.0in;text-indent:-.25in;mso-list:l0 level1
lfo2">
<!--[if !supportLists]--><span style="mso-list:Ignore">-<span
style="font:7.0pt "Times New Roman"">
</span></span><!--[endif]-->Update section 15.1 on 4(d) for
security event logging to no longer include “hardware
failures”<o:p></o:p></p>
<p class="MsoListParagraph"
style="margin-left:1.0in;text-indent:-.25in;mso-list:l0 level1
lfo2">
<!--[if !supportLists]--><span style="mso-list:Ignore">-<span
style="font:7.0pt "Times New Roman"">
</span></span><!--[endif]-->Update section 15 “Data Records”
to include sub-section 15.2 “Data Retention Period for Audit
Logs”<o:p></o:p></p>
<p class="MsoListParagraph"
style="margin-left:1.0in;text-indent:-.25in;mso-list:l0 level1
lfo2">
<!--[if !supportLists]--><span style="mso-list:Ignore">-<span
style="font:7.0pt "Times New Roman"">
</span></span><!--[endif]-->Update section 15.2 to no longer
reference Baseline Requirements section 5.4.3 and defined a
specific retention period for CA, subscriber certificate,
Timestamp Authority, and security event data records for at
least 2 years<o:p></o:p></p>
<p class="MsoNormal" style="margin-left:.5in"><o:p> </o:p></p>
<p class="MsoNormal" style="margin-left:.5in">— MOTION ENDS —<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Thanks,<o:p></o:p></p>
<p class="MsoNormal">Ian<o:p></o:p></p>
</div>
<i>Any email and files/attachments transmitted with it are
confidential and are intended solely for the use of the
individual or entity to whom they are addressed. If this message
has been sent to you in error, you must not copy, distribute or
disclose of the information it contains. <u>Please notify
Entrust immediately</u> and delete the message from your
system.</i>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<pre class="moz-quote-pre" wrap="">_______________________________________________
Cscwg-public mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Cscwg-public@cabforum.org">Cscwg-public@cabforum.org</a>
<a class="moz-txt-link-freetext" href="https://lists.cabforum.org/mailman/listinfo/cscwg-public">https://lists.cabforum.org/mailman/listinfo/cscwg-public</a>
</pre>
</blockquote>
<br>
</body>
</html>