<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
Hi Sebastian,<br>
<br>
I'd like to share with the CSCWG a proposal I wrote after some
collaboration with Clint Wilson from Apple. You may find the
proposed changes to the BRs in
<a class="moz-txt-link-freetext" href="https://github.com/dzacharo/servercert/pull/2/files">https://github.com/dzacharo/servercert/pull/2/files</a>.<br>
<br>
Given the fact that the retention period has a lower limit, nothing
prevents a CA from keeping logs/archives for longer periods in order
to investigate past security incidents. This is highlighted in a
NOTE in the proposal above. Similarly, the NetSec SCWG subcommittee
is working on a draft in
<a class="moz-txt-link-freetext" href="https://docs.google.com/document/d/1SCyrt8la1slPJhvnWUW6ROlqIV3yaDwb3LKZ5qjdiH4">https://docs.google.com/document/d/1SCyrt8la1slPJhvnWUW6ROlqIV3yaDwb3LKZ5qjdiH4</a>.<br>
<br>
For the CA Certificates' retention period, which is proposed to be 2
years after the expiration/revocation/key deletion of the CA, IMHO
the same principle applies. The CA must determine if it needs to
keep logs for more time in order to perform proper retrospection
related to a security incident AFTER a CA has been decommissioned.<br>
<br>
<br>
Thanks,<br>
Dimitris.<br>
<br>
<br>
<div class="moz-cite-prefix">On 2/9/2021 1:35 PM, Sebastian Schulz
via Cscwg-public wrote:<br>
</div>
<blockquote type="cite"
cite="mid:0100017ba613ed99-c08b2e03-5487-49dc-a438-30a373d0f311-000000@email.amazonses.com">
<div class="WordSection1">
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif;mso-fareast-language:EN-US">Hey
All, Hey Ian<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif;mso-fareast-language:EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif;mso-fareast-language:EN-US">What
seems a little odd to me is that the requirements for the
duration of log retention are the same for CA certificates
as for subscriber certificates, given their wildly different
original validity periods. I know the TLS BRs handle it like
that as well, but come to think of it… isn’t the purpose of
log retention to be able to identify possible errors in
operation of a CA from the aftermath? Since CA certificate
lifecycle operations are carried out at much lower frequency
than those for subscriber certificates, I would have assumed
that more logged time is needed to identify possible
systemic errors (in contrast, 2 years retention for
subscriber certificates with max 3 year validity almost
seems long).<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif;mso-fareast-language:EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif;mso-fareast-language:EN-US">Just
a thought that came to mind, maybe I just missed discussion
around it. Or another discussion needs to be had, but not
for this ballot then. When it comes to adding TS
requirements and detaching it from TLS BR - looks good to me
</span><span style="font-size:11.0pt;font-family:&quot;Segoe UI Emoji&quot;,sans-serif;mso-fareast-language:EN-US">😊</span><span
style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif;mso-fareast-language:EN-US"><o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif;mso-fareast-language:EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif;mso-fareast-language:EN-US">Best,<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif;mso-fareast-language:EN-US">Seb<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif;mso-fareast-language:EN-US"><o:p> </o:p></span></p>
<div>
<p class="MsoNormal"><b><span
style="font-size:11.0pt;font-family:&quot;Arial&quot;,sans-serif;color:#666666;mso-fareast-language:EN-US"
lang="EN-US">Sebastian Schulz</span></b><span
style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif;color:#1F497D;mso-fareast-language:EN-US"
lang="EN-US"><br>
</span><i><span
style="font-size:11.0pt;font-family:&quot;Arial&quot;,sans-serif;color:#666666;mso-fareast-language:EN-GB">Product
Manager Client Certificates</span></i><span
style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif;mso-fareast-language:EN-US"
lang="EN-US"><o:p></o:p></span></p>
</div>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif;mso-fareast-language:EN-US"><o:p> </o:p></span></p>
<div>
<div style="border:none;border-top:solid #E1E1E1
1.0pt;padding:3.0pt 0cm 0cm 0cm">
<p class="MsoNormal"><b><span
style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif"
lang="EN-US">From:</span></b><span
style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif"
lang="EN-US"> Cscwg-public
<a class="moz-txt-link-rfc2396E" href="mailto:cscwg-public-bounces@cabforum.org">&lt;cscwg-public-bounces@cabforum.org&gt;</a> <b>On Behalf
Of </b>Ian McMillan via Cscwg-public<br>
<b>Sent:</b> 01 September 2021 17:00<br>
<b>To:</b> Ian McMillan <a class="moz-txt-link-rfc2396E" href="mailto:ianmcm@microsoft.com">&lt;ianmcm@microsoft.com&gt;</a>;
<a class="moz-txt-link-abbreviated" href="mailto:cscwg-public@cabforum.org">cscwg-public@cabforum.org</a>; <a class="moz-txt-link-abbreviated" href="mailto:dzacharo@harica.gr">dzacharo@harica.gr</a>;
<a class="moz-txt-link-abbreviated" href="mailto:Bruce.Morton@entrust.com">Bruce.Morton@entrust.com</a><br>
<b>Subject:</b> Re: [Cscwg-public] [EXTERNAL] Re:
DISCUSS/ENDORSE: Ballot CSC-11: Update to log data
retention requirements<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif;mso-fareast-language:EN-US"
lang="EN-US">Hi All,<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif;mso-fareast-language:EN-US"
lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif;mso-fareast-language:EN-US"
lang="EN-US">Please review the attached updated redline with
the removal of all references to the SSL/TLS BRs for section
15 on data records.<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif;mso-fareast-language:EN-US"
lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif;mso-fareast-language:EN-US"
lang="EN-US">I’d like to note that Signing Services are
included in the data records requirements but seem really
out of place as they are responsible for subscriber key
generation and protection as it is described in section
16.2, and not the management or creation of CA certificates.
I could easily see us removing Signing Services from this
section or authoring a new set of requirements for signing
services as part of the refinement of the CSBRs for signing
services.<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif;mso-fareast-language:EN-US"
lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif;mso-fareast-language:EN-US"
lang="EN-US">Thanks,<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif;mso-fareast-language:EN-US"
lang="EN-US">Ian<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif;mso-fareast-language:EN-US"
lang="EN-US"><o:p> </o:p></span></p>
<div>
<div style="border:none;border-top:solid #E1E1E1
1.0pt;padding:3.0pt 0cm 0cm 0cm">
<p class="MsoNormal"><b><span
style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif"
lang="EN-US">From:</span></b><span
style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif"
lang="EN-US"> Cscwg-public
<a class="moz-txt-link-rfc2396E" href="mailto:cscwg-public-bounces@cabforum.org">&lt;cscwg-public-bounces@cabforum.org&gt;</a> <b>On Behalf
Of </b>Ian McMillan via Cscwg-public<br>
<b>Sent:</b> Wednesday, September 1, 2021 8:27 AM<br>
<b>To:</b> <a class="moz-txt-link-abbreviated" href="mailto:dzacharo@harica.gr">dzacharo@harica.gr</a>; <a class="moz-txt-link-abbreviated" href="mailto:Bruce.Morton@entrust.com">Bruce.Morton@entrust.com</a>;
<a class="moz-txt-link-abbreviated" href="mailto:cscwg-public@cabforum.org">cscwg-public@cabforum.org</a><br>
<b>Subject:</b> Re: [Cscwg-public] [EXTERNAL] Re:
DISCUSS/ENDORSE: Ballot CSC-11: Update to log data
retention requirements<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
<div>
<div>
<div>
<p class="MsoNormal" style="background:white"><span
style="color:black" lang="EN-US">Hi Bruce and
Dimitris,<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal" style="background:white"><span
style="color:black" lang="EN-US"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal" style="background:white"><span
style="color:black" lang="EN-US">I like this idea and
I</span><span style="color:black" lang="ZH-CN">’</span><span
style="color:black" lang="EN-US">ll work on this
update to share with the group before next week</span><span
style="color:black" lang="ZH-CN">’</span><span
style="color:black" lang="EN-US">s meeting.<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal" style="background:white"><span
style="color:black" lang="EN-US"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal" style="background:white"><span
style="color:black" lang="EN-US">Thanks,<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal" style="background:white"><span
style="color:black" lang="EN-US">Ian<o:p></o:p></span></p>
</div>
</div>
</div>
<div class="MsoNormal" style="text-align:center" align="center"><span
lang="EN-US">
<hr width="98%" size="2" align="center"></span></div>
<div id="divRplyFwdMsg">
<p class="MsoNormal"><b><span
style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif;color:black"
lang="EN-US">From:</span></b><span
style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif;color:black"
lang="EN-US"> Dimitris Zacharopoulos (HARICA) &lt;<a
href="mailto:dzacharo@harica.gr" moz-do-not-send="true">dzacharo@harica.gr</a>&gt;<br>
<b>Sent:</b> Wednesday, September 1, 2021 8:16:03 AM<br>
<b>To:</b> Bruce Morton &lt;<a
href="mailto:Bruce.Morton@entrust.com"
moz-do-not-send="true">Bruce.Morton@entrust.com</a>&gt;;
<a href="mailto:cscwg-public@cabforum.org"
moz-do-not-send="true">cscwg-public@cabforum.org</a>
&lt;<a href="mailto:cscwg-public@cabforum.org"
moz-do-not-send="true">cscwg-public@cabforum.org</a>&gt;;
Ian McMillan &lt;<a href="mailto:ianmcm@microsoft.com"
moz-do-not-send="true">ianmcm@microsoft.com</a>&gt;<br>
<b>Subject:</b> [EXTERNAL] Re: [Cscwg-public]
DISCUSS/ENDORSE: Ballot CSC-11: Update to log data
retention requirements</span><span lang="EN-US"> <o:p></o:p></span></p>
<div>
<p class="MsoNormal"><span lang="EN-US"> <o:p></o:p></span></p>
</div>
</div>
<div>
<p class="MsoNormal" style="margin-bottom:12.0pt"><span
lang="EN-US"><o:p> </o:p></span></p>
<div>
<p class="MsoNormal"><span lang="EN-US">On 26/8/2021 9:00 PM, Bruce Morton
via Cscwg-public wrote:<o:p></o:p></span></p>
</div>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<div>
<p class="xmsonormal"><span lang="EN-US">Hi Ian,<o:p></o:p></span></p>
<p class="xmsonormal"><span lang="EN-US"> <o:p></o:p></span></p>
<p class="xmsonormal"><span lang="EN-US">I am wondering if
we could change the text, so we do not reference the
SSL BRs. I’m saying this because:<o:p></o:p></span></p>
<ul style="margin-top:0cm" type="disc">
<li class="xmsolistparagraph"
style="margin-left:0cm;mso-list:l1 level1 lfo3"><span
lang="EN-US">CSBRs refer to SSL BR version 1.6.9,
which was updated per SC27<o:p></o:p></span></li>
<li class="xmsolistparagraph"
style="margin-left:0cm;mso-list:l1 level1 lfo3"><span
lang="EN-US">CSBR section 15.2 would be easier to
read<o:p></o:p></span></li>
<li class="xmsolistparagraph"
style="margin-left:0cm;mso-list:l1 level1 lfo3"><span
lang="EN-US">CSBR section 15.2 would be independent
of the SSL BRs, which goes in the direction of our
goal<o:p></o:p></span></li>
</ul>
<p class="xmsonormal"><span lang="EN-US"> <o:p></o:p></span></p>
<p class="xmsonormal"><span lang="EN-US"> <o:p></o:p></span></p>
<p class="xmsonormal"><span lang="EN-US">Thanks, Bruce.<o:p></o:p></span></p>
</div>
</blockquote>
<p class="MsoNormal" style="margin-bottom:12.0pt"><span
lang="EN-US"><br>
I agree with Bruce. We should try to incorporate text from
the TLS BRs that makes sense for the CS BRs as much as we
can and avoid references that have the risk of becoming
broken or amended by the SCWG.<br>
<br>
<br>
Thanks,<br>
Dimitris.<br>
<br>
<o:p></o:p></span></p>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<div>
<p class="xmsonormal"><span lang="EN-US"> <o:p></o:p></span></p>
<div>
<div style="border:none;border-top:solid #E1E1E1
1.0pt;padding:3.0pt 0cm 0cm 0cm">
<p class="xmsonormal"><b><span lang="EN-US">From:</span></b><span
lang="EN-US"> Cscwg-public <a
href="mailto:cscwg-public-bounces@cabforum.org"
moz-do-not-send="true">&lt;cscwg-public-bounces@cabforum.org&gt;</a>
<b>On Behalf Of </b>Ian McMillan via Cscwg-public<br>
<b>Sent:</b> Thursday, August 26, 2021 12:29 PM<br>
<b>To:</b> <a
href="mailto:cscwg-public@cabforum.org"
moz-do-not-send="true">cscwg-public@cabforum.org</a><br>
<b>Subject:</b> [EXTERNAL] [Cscwg-public]
DISCUSS/ENDORSE: Ballot CSC-11: Update to log data
retention requirements<o:p></o:p></span></p>
</div>
</div>
<p class="xmsonormal"><span lang="EN-US"> <o:p></o:p></span></p>
<div class="MsoNormal" style="text-align:center"
align="center"><span lang="EN-US">
<hr width="100%" size="1" align="center"></span></div>
<p class="xmsonormal"><span lang="EN-US">Hi Folks, <br>
<br>
I am looking for feedback and at least two
endorsements on this new ballot I am proposing. Please
share your feedback and if you are willing to endorse
this ballot.<o:p></o:p></span></p>
<p class="xmsonormal"><span lang="EN-US"> <o:p></o:p></span></p>
<p class="xmsonormal"><span lang="EN-US"> <o:p></o:p></span></p>
<p class="xmsonormal" style="margin-left:36.0pt"><span
lang="EN-US"><a
href="https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Furldefense.com%2Fv3%2F__https%3A%2Fwiki.cabforum.org%2Fcscwg%2Fcsc_11_-_update_to_log_data_retention_requirements__%3B!!FJ-Y8qCqXTj2!OxtP9iVwcvkR2NB3D6_-cStNUlZ0jiRsvQI7kzZGF3vX8NFDtimB6Te0-iBFuXDSLg0%24&data=04%7C01%7Cianmcm%40microsoft.com%7Cd8eca44b0c5e4d00879208d96d43c57f%7C72f988bf86f141af91ab2d7cd011db47%7C0%7C0%7C637660960159807394%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=DlBAif7z2cKBTI%2FGqxkwPJSj%2BndNeDaY8DIt0L9TAcM%3D&reserved=0"
moz-do-not-send="true">Ballot CSC-11: Update to log
data retention requirements</a><o:p></o:p></span></p>
<p class="xmsonormal" style="margin-left:36.0pt"><span
lang="EN-US"> <o:p></o:p></span></p>
<p class="xmsonormal" style="margin-left:36.0pt"><span
lang="EN-US">Purpose of this ballot:<o:p></o:p></span></p>
<p class="xmsonormal" style="margin-left:36.0pt"><span
lang="EN-US">Update the log data and retention of log
data requirements in the Baseline Requirement for the
Issuance and Management of Publicly-Trusted Code
Signing Certificates v2.5.<o:p></o:p></span></p>
<p class="xmsonormal" style="margin-left:36.0pt"><span
lang="EN-US">The following motion has been proposed by
Ian McMillan of Microsoft, and I am looking for
endorsements from two other members of the CSCWG. <o:p></o:p></span></p>
<p class="xmsonormal" style="margin-left:36.0pt"><span
lang="EN-US"> <o:p></o:p></span></p>
<p class="xmsonormal" style="margin-left:36.0pt"><span
lang="EN-US">— MOTION BEGINS —<o:p></o:p></span></p>
<p class="xmsonormal" style="margin-left:36.0pt"><span
lang="EN-US">This ballot updates the “Baseline
Requirements for the Issuance and Management of
Publicly‐Trusted Code Signing Certificates” version
2.5 according to the attached redline, which includes:<o:p></o:p></span></p>
<p class="xmsonormal" style="margin-left:36.0pt"><span
lang="EN-US"> <o:p></o:p></span></p>
<p class="xmsolistparagraph"
style="margin-left:72.0pt;text-indent:-18.0pt"><span
lang="EN-US">Update section 15 “Data Records” to
include sub-section 15.1 “Timestamp Authority Data
Records”<o:p></o:p></span></p>
<p class="xmsolistparagraph"
style="margin-left:72.0pt;text-indent:-18.0pt"><span
lang="EN-US">Update section 15.1 to clarify 4(f) for
security event logging on Timestamp Authority servers<o:p></o:p></span></p>
<p class="xmsolistparagraph"
style="margin-left:72.0pt;text-indent:-18.0pt"><span
lang="EN-US">Update section 15.1 on 4(d) for security
event logging to no longer include “hardware failures”<o:p></o:p></span></p>
<p class="xmsolistparagraph"
style="margin-left:72.0pt;text-indent:-18.0pt"><span
lang="EN-US">Update section 15 “Data Records” to
include sub-section 15.2 “Data Retention Period for
Audit Logs”<o:p></o:p></span></p>
<p class="xmsolistparagraph"
style="margin-left:72.0pt;text-indent:-18.0pt"><span
lang="EN-US">Update section 15.2 to no longer
reference Baseline Requirements section 5.4.3 and
define a specific retention period for CA, subscriber
certificate, Timestamp Authority, and security event
data records for at least 2 years<o:p></o:p></span></p>
<p class="xmsonormal" style="margin-left:36.0pt"><span
lang="EN-US"> <o:p></o:p></span></p>
<p class="xmsonormal" style="margin-left:36.0pt"><span
lang="EN-US">— MOTION ENDS —<o:p></o:p></span></p>
<p class="xmsonormal"><span lang="EN-US"> <o:p></o:p></span></p>
<p class="xmsonormal"><span lang="EN-US">Thanks,<o:p></o:p></span></p>
<p class="xmsonormal"><span lang="EN-US">Ian<o:p></o:p></span></p>
</div>
<pre><span lang="EN-US">_______________________________________________<o:p></o:p></span></pre>
<pre><span lang="EN-US">Cscwg-public mailing list<o:p></o:p></span></pre>
<pre><span lang="EN-US"><a href="mailto:Cscwg-public@cabforum.org" moz-do-not-send="true">Cscwg-public@cabforum.org</a><o:p></o:p></span></pre>
<pre><span lang="EN-US"><a href="https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.cabforum.org%2Fmailman%2Flistinfo%2Fcscwg-public&data=04%7C01%7Cianmcm%40microsoft.com%7Cd8eca44b0c5e4d00879208d96d43c57f%7C72f988bf86f141af91ab2d7cd011db47%7C0%7C0%7C637660960159807394%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=gxnz5FL9k68x5c6%2FBwbjYHvc0P%2FeeZJx4byydeKeQac%3D&reserved=0" moz-do-not-send="true">https://lists.cabforum.org/mailman/listinfo/cscwg-public</a><o:p></o:p></span></pre>
</blockquote>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
</div>
</div>
<br>
</blockquote>
<br>
</body>
</html>