[Cscwg-public] [EXTERNAL] Re: DISCUSS/ENDORSE: Ballot CSC-11: Update to log data retention requirements
Dimitris Zacharopoulos (HARICA)
dzacharo at harica.gr
Fri Sep 17 15:17:39 UTC 2021
I also confirm the endorsement of the ballot with the latest changes.
Thanks Bruce and Ian.
Dimitris.
On 17/9/2021 5:11 PM, Bruce Morton wrote:
>
> Hi Ian,
>
> The changes look good to me. I confirm the endorsement of the ballot.
>
> Thanks, Bruce.
>
> *From:*Ian McMillan <ianmcm at microsoft.com>
> *Sent:* Friday, September 17, 2021 9:43 AM
> *To:* Bruce Morton <Bruce.Morton at entrust.com>;
> cscwg-public at cabforum.org; Dimitris Zacharopoulos (HARICA)
> <dzacharo at harica.gr>; Sebastian Schulz <sebastian.schulz at globalsign.com>
> *Subject:* RE: [Cscwg-public] [EXTERNAL] Re: DISCUSS/ENDORSE: Ballot
> CSC-11: Update to log data retention requirements
>
> Thank you, Bruce for the edits and the offer to endorse.
>
> On the 15.1 item 1 question, there are only 2 requirements since I
> pulled this part of the requirements from the BR version the CSBRs is
> currently referencing (1.6.9), but I did see that latest has the
> additional requirements stemming from the SC28 ballot which was
> focused on the records and log retention reduction. I am happy to add
> those requirements as they provide more granular details on the CA
> certificate and key events. I’ve edited the redline document now and
> have attached it here.
>
> If Dimitris and Bruce confirm their endorsements after this addition
> to 15.1(1), I’ll go ahead and start the ballot process.
>
> Thanks
>
> Ian
>
> *From:* Bruce Morton <Bruce.Morton at entrust.com>
> *Sent:* Tuesday, September 14, 2021 11:52 AM
> *To:* Ian McMillan <ianmcm at microsoft.com>; cscwg-public at cabforum.org;
> Dimitris Zacharopoulos (HARICA) <dzacharo at harica.gr>; Sebastian Schulz
> <sebastian.schulz at globalsign.com>
> *Subject:* RE: [Cscwg-public] [EXTERNAL] Re: DISCUSS/ENDORSE: Ballot
> CSC-11: Update to log data retention requirements
>
> Hi Ian,
>
> Under 15.1 item 1, why do we only have 2 requirements but the SSL BRs
> have 6 requirements? Did we have a reason for reducing the list?
>
> I have attached a markup where I have made some edits to some section
> numbers and a few other minor changes.
>
> I will endorse the ballot.
>
> Thanks, Bruce.
>
> *From:* Cscwg-public <cscwg-public-bounces at cabforum.org> *On Behalf Of* Ian McMillan
> via Cscwg-public
> *Sent:* Tuesday, September 14, 2021 9:51 AM
> *To:* Dimitris Zacharopoulos (HARICA) <dzacharo at harica.gr>;
> cscwg-public at cabforum.org; Sebastian Schulz
> <sebastian.schulz at globalsign.com>
> *Subject:* Re: [Cscwg-public] [EXTERNAL] Re: DISCUSS/ENDORSE: Ballot
> CSC-11: Update to log data retention requirements
>
> Hello,
>
> I’ve incorporated all the feedback and based the attached redline off
> the most recently published version of the CSBRs v2.5.
>
> If Dimitris is still willing to endorse this ballot, I only need one
> more endorser. Can I please get another endorser for this ballot?
>
> Thanks,
> Ian
>
> *From:* Dimitris Zacharopoulos (HARICA) <dzacharo at harica.gr>
> *Sent:* Thursday, September 9, 2021 6:16 AM
> *To:* Ian McMillan <ianmcm at microsoft.com>; cscwg-public at cabforum.org;
> Sebastian Schulz <sebastian.schulz at globalsign.com>
> *Subject:* Re: [Cscwg-public] [EXTERNAL] Re: DISCUSS/ENDORSE: Ballot
> CSC-11: Update to log data retention requirements
>
> On 8/9/2021 11:01 PM, Ian McMillan wrote:
>
> Thanks Seb and Dimitris!
>
> I am totally with Dimitris on this topic and I like the addition
> “note” Dimitris and Clint are putting into the BRs (so much so I
> am incorporating it). Please see the attached revision of the
> redline doc.
>
>
> Hi Ian,
>
> Procedure-wise, the red-line and the "Draft Guideline" that is put for
> a ballot, must be based on the at-the-time effective Final Guideline,
> which is currently 2.3. The Revisions table should also not be part of
> the ballot because we are running ballots in parallel and might
> stumble on minor deviations with effective dates, unless we have
> reasons to update tables with version numbers. This is explicitly
> called out in the Bylaws
> <https://github.com/cabforum/forum/blob/main/Bylaws.md> section
> 2.4 (8).
>
> For example, CSC-9 has ended the IPR review period but the
> Chair/Vice-Chair must announce the end of the IPR Review Period,
> making sure that no Exclusion Notices have been filed, and publish the
> final guideline based on that ballot. The effective date would be the
> day the final guideline is published (not 2021-09-08). The same
> applies to CSC-10. For those reasons, and considering the fact that
> the IPR Review for CSC-10 ends very soon (2021-09-12), I would suggest
> that you wait a couple of days and base your redline on the Final
> Guideline that will be published by Bruce based on CSC-10 to start the
> discussion period.
>
> Regarding your comment on 15.1 about Signing Services, I agree that it
> seems out of place and would propose to remove it so that the text
> reads "CAs and each Delegated Third Party SHALL..."
>
> Similarly for the "Note" in section 15.3, I suggest replacing "Signing
> Service" with "Delegated Third Parties".
>
> Happy to endorse with the changes above, if there are no objections by
> other Members.
>
>
> Best regards,
> Dimitris.
>
> Thanks,
>
> Ian
>
> *From:* Cscwg-public <cscwg-public-bounces at cabforum.org> *On Behalf Of* Dimitris
> Zacharopoulos (HARICA) via Cscwg-public
> *Sent:* Thursday, September 2, 2021 6:52 AM
> *To:* Sebastian Schulz <sebastian.schulz at globalsign.com>;
> cscwg-public at cabforum.org
> *Subject:* Re: [Cscwg-public] [EXTERNAL] Re: DISCUSS/ENDORSE:
> Ballot CSC-11: Update to log data retention requirements
>
> Hi Sebastian,
>
> I'd like to share with the CSCWG a proposal I wrote after some
> collaboration with Clint Wilson from Apple. You may find the
> proposed changes to the BRs in
> https://github.com/dzacharo/servercert/pull/2/files.
>
> Given the fact that the retention period has a lower limit, nothing
> prevents a CA from keeping logs/archives for longer periods in
> order to investigate past security incidents. This is highlighted
> in a NOTE in the proposal above. Similarly the NetSec SCWG
> subcommittee is working on a draft in
> https://docs.google.com/document/d/1SCyrt8la1slPJhvnWUW6ROlqIV3yaDwb3LKZ5qjdiH4.
>
> For the CA Certificates' retention period, which is proposed to be
> 2 years after the expiration/revocation/key deletion of the CA,
> IMHO the same principle applies. The CA must determine if it needs
> to keep logs for more time in order to perform proper
> retrospection related to a security incident AFTER a CA has been
> decommissioned.
>
>
> Thanks,
> Dimitris.
>
> On 2/9/2021 1:35 PM, Sebastian Schulz via Cscwg-public wrote:
>
> Hey All, Hey Ian
>
> What seems a little odd to me is that the requirements for the
> duration of log retention are the same for CA certificates as
> for subscriber certificates, given their wildly different
> original validity periods. I know the TLS BR handle it like
> that as well but come to think of it….isn’t the purpose of log
> retention to be able to identify possible errors in operation
> of a CA from the aftermath? Since CA certificate lifecycle
> operations are carried out at much lower frequency than those
> for subscriber certificates, I would have assumed that more
> logged time is needed to identify possible systemic errors (in
> contrast, 2 years retention for subscriber certificates with
> max 3 year validity almost seems long)
>
> Just a thought that came to mind, maybe I just missed
> discussion around it. Or another discussion needs to be had,
> but not for this ballot then. When it comes to adding TS
> requirements and detaching it from TLS BR - looks good to me 😊
>
> Best,
>
> Seb
>
> *Sebastian Schulz*
> /Product Manager Client Certificates/
>
> *From:* Cscwg-public <cscwg-public-bounces at cabforum.org> *On Behalf Of* Ian
> McMillan via Cscwg-public
> *Sent:* 01 September 2021 17:00
> *To:* Ian McMillan <ianmcm at microsoft.com>; cscwg-public at cabforum.org;
> dzacharo at harica.gr; Bruce.Morton at entrust.com
> *Subject:* Re: [Cscwg-public] [EXTERNAL] Re: DISCUSS/ENDORSE:
> Ballot CSC-11: Update to log data retention requirements
>
> Hi All,
>
> Please review the attached updated redline with the removal of
> all references to the SSL/TLS BRs for section 15 on data records.
>
> I’d like to note that Signing Services are included in the
> data records requirements but seem really out of place as they
> are responsible for subscriber key generation and protection
> as it is described in section 16.2, and not the management or
> creation of CA certificates. I could easily see us removing
> Signing Services from this section or authoring a new set of
> requirements for signing services as part of the refinement of
> the CSBRs for signing services.
>
> Thanks,
>
> Ian
>
> *From:* Cscwg-public <cscwg-public-bounces at cabforum.org> *On Behalf Of* Ian
> McMillan via Cscwg-public
> *Sent:* Wednesday, September 1, 2021 8:27 AM
> *To:* dzacharo at harica.gr; Bruce.Morton at entrust.com;
> cscwg-public at cabforum.org
> *Subject:* Re: [Cscwg-public] [EXTERNAL] Re: DISCUSS/ENDORSE:
> Ballot CSC-11: Update to log data retention requirements
>
> Hi Bruce and Dimitris,
>
> I like this idea and I’ll work on this update to share with
> the group before next week’s meeting.
>
> Thanks,
>
> Ian
>
> ------------------------------------------------------------------------
>
> *From:* Dimitris Zacharopoulos (HARICA) <dzacharo at harica.gr>
> *Sent:* Wednesday, September 1, 2021 8:16:03 AM
> *To:* Bruce Morton <Bruce.Morton at entrust.com>; cscwg-public at cabforum.org;
> Ian McMillan <ianmcm at microsoft.com>
> *Subject:* [EXTERNAL] Re: [Cscwg-public] DISCUSS/ENDORSE:
> Ballot CSC-11: Update to log data retention requirements
>
> On 26/8/2021 9:00 PM, Bruce Morton via Cscwg-public wrote:
>
> Hi Ian,
>
> I am wondering if we could change the text, so we do not
> reference the SSL BRs. I’m saying this because:
>
> 1. CSBRs refer to SSL BR version 1.6.9, which was updated
> per SC27
> 2. CSBR section 15.2 would be easier to read
> 3. CSBR section 15.2 would be independent of the SSL BRs,
> which goes in the direction of our goal
>
> Thanks, Bruce.
>
>
> I agree with Bruce. We should try to incorporate text from the
> TLS BRs that makes sense for the CS BRs as much as we can and
> avoid references that have the risk of becoming broken or
> amended by the SCWG.
>
>
> Thanks,
> Dimitris.
>
> *From:* Cscwg-public <cscwg-public-bounces at cabforum.org> *On Behalf Of*
> Ian McMillan via Cscwg-public
> *Sent:* Thursday, August 26, 2021 12:29 PM
> *To:* cscwg-public at cabforum.org
> *Subject:* [EXTERNAL] [Cscwg-public] DISCUSS/ENDORSE:
> Ballot CSC-11: Update to log data retention requirements
>
> Hi Folks,
>
> I am looking for feedback and at least two endorsements on
> this new ballot I am proposing. Please share your feedback
> and if you are willing to endorse this ballot.
>
> Ballot CSC-11: Update to log data retention requirements
> <https://wiki.cabforum.org/cscwg/csc_11_-_update_to_log_data_retention_requirements>
>
> Purpose of this ballot:
>
> Update the log data and retention of log data requirements
> in the Baseline Requirements for the Issuance and
> Management of Publicly-Trusted Code Signing Certificates v2.5.
>
> The following motion has been proposed by Ian McMillan of
> Microsoft, and I am looking for endorsements from two
> other members of the CSCWG.
>
> — MOTION BEGINS —
>
> This ballot updates the “Baseline Requirements for the
> Issuance and Management of Publicly‐Trusted Code Signing
> Certificates“ version 2.5 according to the attached
> redline, which includes:
>
> Update section 15 “Data Records” to include sub-section
> 15.1 “Timestamp Authority Data Records”
>
> Update section 15.1 to clarify 4(f) for security event
> logging on Timestamp Authority servers
>
> Update section 15.1 on 4(d) for security event logging to
> no longer include “hardware failures”
>
> Update section 15 “Data Records” to include sub-section
> 15.2 “Data Retention Period for Audit Logs”
>
> Update section 15.2 to no longer reference Baseline
> Requirements section 5.4.3 and define a specific
> retention period for CA, subscriber certificate, Timestamp
> Authority, and security event data records for at least 2
> years
>
> — MOTION ENDS —
>
> Thanks,
>
> Ian
>
> _______________________________________________
>
> Cscwg-public mailing list
>
> Cscwg-public at cabforum.org
>
> https://lists.cabforum.org/mailman/listinfo/cscwg-public
>