[Cscwg-public] Voting Begins: Ballot CSC-11: Update to log data retention
Ian McMillan
ianmcm at microsoft.com
Fri Sep 24 23:00:41 UTC 2021
Ballot CSC-11: Update to log data retention requirements <https://wiki.cabforum.org/cscwg/csc_11_-_update_to_log_data_retention_requirements>
Purpose of this ballot:
Update the log data and retention of log data requirements in the Baseline Requirements for the Issuance and Management of Publicly-Trusted Code Signing Certificates v2.5. The following motion has been proposed by Ian McMillan of Microsoft, and endorsed by Dimitris Zacharopoulos (HARICA) and Bruce Morton (Entrust).
- MOTION BEGINS -
This ballot updates the “Baseline Requirements for the Issuance and Management of Publicly‐Trusted Code Signing Certificates” version 2.5 according to the attached redline which includes:
* Update section 15 “Data Records” removing references to [SSL/TLS] Baseline Requirements for this section in totality
* Update section 15 “Data Records” to include sub-section 15.1 “Types of Events Recorded” and describing the requirements for CAs and Third Party Delegates while removing “Signing Services”
* Update section 15 “Data Records” to include sub-section 15.2 “Timestamp Authority Data Records”
* Update section 15.1 to clarify 4(f) for security event logging on Timestamp Authority servers
* Update section 15.1 on 4(d) for security event logging to no longer include “hardware failures”
* Update section 15 “Data Records” to include sub-section 15.3 “Data Retention Period for Audit Logs”
* Update section 15.2 to no longer reference Baseline Requirements section 5.4.3 and define a specific retention period for CA, subscriber certificate, Timestamp Authority, and security event data records for at least 2 years
- MOTION ENDS -
The procedure for approval of this ballot is as follows:
Discussion (7 days)
Start Time: 2021-09-17, 19:00 Eastern Time (US)
End Time: not before 2021-09-24, 19:00 Eastern Time (US)
Vote for approval (7 days)
Start Time: 2021-09-24, 19:00 Eastern Time (US)
End Time: 2021-10-01, 19:00 Eastern Time (US)
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/cscwg-public/attachments/20210924/38785759/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Baseline Requirements for the Issuance and Management of Code Signing.v2.5+CSC-11_v2_redline.docx
Type: application/vnd.openxmlformats-officedocument.wordprocessingml.document
Size: 94961 bytes
Desc: Baseline Requirements for the Issuance and Management of Code Signing.v2.5+CSC-11_v2_redline.docx
URL: <http://lists.cabforum.org/pipermail/cscwg-public/attachments/20210924/38785759/attachment-0001.docx>