[Cscwg-public] Reminder - Voting Begins: Ballot CSC-11: Update to log data retention

Andrea Holland AHolland at securetrust.com
Fri Oct 1 18:13:31 UTC 2021


SecureTrust votes yes on CSC-11.

Regards,
Andrea Holland

From: Cscwg-public <cscwg-public-bounces at cabforum.org> On Behalf Of Bruce Morton via Cscwg-public
Sent: Thursday, September 30, 2021 10:55 AM
To: cscwg-public at cabforum.org
Subject: [Cscwg-public] Reminder - Voting Begins: Ballot CSC-11: Update to log data retention

Voting period ends on October 1st at 19:00 ET.

Bruce

From: Cscwg-public <cscwg-public-bounces at cabforum.org<mailto:cscwg-public-bounces at cabforum.org>> On Behalf Of Ian McMillan via Cscwg-public
Sent: Friday, September 24, 2021 7:01 PM
To: cscwg-public at cabforum.org<mailto:cscwg-public at cabforum.org>
Subject: [EXTERNAL] [Cscwg-public] Voting Begins: Ballot CSC-11: Update to log data retention

WARNING: This email originated outside of Entrust.
DO NOT CLICK links or attachments unless you trust the sender and know the content is safe.
________________________________

Ballot CSC-11: Update to log data retention requirements<https://scanmail.trustwave.com/?c=4062&d=vM_V4cKakevz_n9GqROOJvYKtUFN3R2TkCohwGkXCg&s=5&u=https%3a%2f%2furldefense%2ecom%2fv3%2f%5f%5fhttps%3a%2fnam06%2esafelinks%2eprotection%2eoutlook%2ecom%2f%3furl%3dhttps%2a3A%2a2F%2a2Furldefense%2ecom%2a2Fv3%2a2F%5f%5fhttps%2a3A%2a2Fnam06%2esafelinks%2eprotection%2eoutlook%2ecom%2a2F%2a3Furl%2a3Dhttps%2a3A%2a2F%2a2Furldefense%2ecom%2a2Fv3%2a2F%5f%5fhttps%2a3A%2a2Fwiki%2ecabforum%2eorg%2a2Fcscwg%2a2Fcsc%5f11%5f-%5fupdate%5fto%5flog%5fdata%5fretention%5frequirements%5f%5f%2a3B%21%21FJ-Y8qCqXTj2%21OxtP9iVwcvkR2NB3D6%5f-cStNUlZ0jiRsvQI7kzZGF3vX8NFDtimB6Te0-iBFuXDSLg0%2a24%2a26data%2a3D04%2a7C01%2a7Cianmcm%2a40microsoft%2ecom%2a7Ce3bd2ae0dce4468183c108d9737ae5b0%2a7C72f988bf86f141af91ab2d7cd011db47%2a7C0%2a7C0%2a7C637667794999582131%2a7CUnknown%2a7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%2a3D%2a7C1000%2a26sdata%2a3DBJidr4YnWniggGmazUxO4cTwAuX0iHteFREqsQRzkoE%2a3D%2a26reserved%2a3D0%5f%5f%2a3BJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUl%21%21FJ-Y8qCqXTj2%21NWv1K7HGvAxUABiMxdfaCMe3GpkaaPtdGr0fmyfxRX1KGs0uZ0T8Jv4ZKzUoZrd49aU%2a24%26data%3d04%2a7C01%2a7Cianmcm%2a40microsoft%2ecom%2a7C01e89b1c05da47fcdfba08d97a2f1984%2a7C72f988bf86f141af91ab2d7cd011db47%2a7C0%2a7C0%2a7C637675165228324176%2a7CUnknown%2a7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%2a3D%2a7C1000%26sdata%3ddKwimRLyToP%2a2FcULHIYvxeB%2a2FMitrVOoTRe5ql7h4qZrA%2a3D%26reserved%3d0%5f%5f%3bJSUlJSUlJSUlJSoqKioqKioqKioqJSUqKioqKioqKioqKiolJSolJSUlJSUlJSUlJSUlJSUlJSUl%21%21FJ-Y8qCqXTj2%21ITKna9KcfXc7HkRFu1gX%5fSx3mUCs01wd3i8d3YDOWczknOMX4XiG3L1IFtkcvO3ZVyU%24>

Purpose of this ballot:
Update the log data and retention of log data requirements in the Baseline Requirement for the Issuance and Management of Publicly-Trusted Code Signing Certificates v2.5. The following motion has been proposed by Ian McMillan of Microsoft, and endorsed by Dimitris Zacharopoulos (HARICA) and Bruce Morton (Entrust).

- MOTION BEGINS -

This ballot updates the “Baseline Requirements for the Issuance and Management of Publicly‐Trusted Code Signing Certificates“ version 2.5 according to the attached redline which includes:


  *   Update section 15 “Data Records” removing references to [SSL/TLS] Baseline Requirements for this section in totality
  *   Update section 15 “Data Records” to include sub-section 15.1 “Types of Events Recorded” and describing the requirements for CAs and Third Party Delegates while removing “Signing Services”
  *   Update section 15 “Data Records” to include sub-section 15.2 “Timestamp Authority Data Records”
  *   Update section 15.1 to clarify 4(f) for security event logging on Timestamp Authority servers
  *   Update section 15.1 on 4(d) for security event logging to no longer include “hardware failures”
  *   Update section 15 “Data Records” to include sub-section 15.3 “Data Retention Period for Audit Logs”
  *   Update section 15.2 to no longer reference Baseline Requirements section 5.4.3 and defined a specific retention period for CA, subscriber certificate, Timestamp Authority, and security event data records for at least 2 years

- MOTION ENDS -

The procedure for approval of this ballot is as follows:

Discussion (7 days)
Start Time: 2021-09-17, 19:00 Eastern Time (US)
End Time: not before 2021-09-24, 19:00 Eastern Time (US)

Vote for approval (7 days)
Start Time: 2021-09-24, 19:00 Eastern Time (US)
End Time: 2021-10-01, 19:00 Eastern Time (US)


Any email and files/attachments transmitted with it are confidential and are intended solely for the use of the individual or entity to whom they are addressed. If this message has been sent to you in error, you must not copy, distribute or disclose of the information it contains. Please notify Entrust immediately and delete the message from your system.
This transmission may contain information that is privileged, confidential, and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is STRICTLY PROHIBITED. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/cscwg-public/attachments/20211001/51eae82e/attachment-0001.html>


More information about the Cscwg-public mailing list