[Cscwg-public] Voting Begins: Ballot CSC-11: Update to log data retention
Doug Beattie
doug.beattie at globalsign.com
Tue Sep 28 11:13:37 UTC 2021
GlobalSign votes yes on CSC-11.
Doug
From: Cscwg-public <cscwg-public-bounces at cabforum.org> On Behalf Of Ian
McMillan via Cscwg-public
Sent: Friday, September 24, 2021 7:01 PM
To: cscwg-public at cabforum.org
Subject: [Cscwg-public] Voting Begins: Ballot CSC-11: Update to log data
retention
Ballot CSC-11: Update to log data retention requirements
Purpose of this ballot:
Update the log data and retention of log data requirements in the Baseline
Requirement for the Issuance and Management of Publicly-Trusted Code Signing
Certificates v2.5. The following motion has been proposed by Ian McMillan of
Microsoft, and endorsed by Dimitris Zacharopoulos (HARICA) and Bruce Morton
(Entrust).
- MOTION BEGINS -
This ballot updates the “Baseline Requirements for the Issuance and
Management of Publicly‐Trusted Code Signing Certificates“ version 2.5
according to the attached redline which includes:
* Update section 15 “Data Records” removing references to [SSL/TLS]
Baseline Requirements for this section in totality
* Update section 15 “Data Records” to include sub-section 15.1
“Types of Events Recorded” and describing the requirements for CAs and
Third Party Delegates while removing “Signing Services”
* Update section 15 “Data Records” to include sub-section 15.2
“Timestamp Authority Data Records”
* Update section 15.1 to clarify 4(f) for security event logging on
Timestamp Authority servers
* Update section 15.1 on 4(d) for security event logging to no longer
include “hardware failures”
* Update section 15 “Data Records” to include sub-section 15.3
“Data Retention Period for Audit Logs”
* Update section 15.2 to no longer reference Baseline Requirements
section 5.4.3 and defined a specific retention period for CA, subscriber
certificate, Timestamp Authority, and security event data records for at
least 2 years
- MOTION ENDS -
The procedure for approval of this ballot is as follows:
Discussion (7 days)
Start Time: 2021-09-17, 19:00 Eastern Time (US)
End Time: not before 2021-09-24, 19:00 Eastern Time (US)
Vote for approval (7 days)
Start Time: 2021-09-24, 19:00 Eastern Time (US)
End Time: 2021-10-01, 19:00 Eastern Time (US)
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/cscwg-public/attachments/20210928/dced5538/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 8424 bytes
Desc: not available
URL: <http://lists.cabforum.org/pipermail/cscwg-public/attachments/20210928/dced5538/attachment-0001.p7s>
More information about the Cscwg-public
mailing list