[Cscwg-public] Voting Begins: Ballot CSC-11: Update to log data retention

Tue Sep 28 11:25:12 UTC 2021

eMudhra votes YES on CSC-11.

Regards,
Vijay

From: Cscwg-public <cscwg-public-bounces at cabforum.org> On Behalf Of Ian McMillan via Cscwg-public
Sent: 25 September 2021 04:31
To: cscwg-public at cabforum.org
Subject: [Cscwg-public] Voting Begins: Ballot CSC-11: Update to log data retention

Ballot CSC-11: Update to log data retention requirements<https://apc01.safelinks.protection.outlook.com/?url=https%3A%2F%2Furldefense.com%2Fv3%2F__https%3A%2Fnam06.safelinks.protection.outlook.com%2F%3Furl%3Dhttps*3A*2F*2Furldefense.com*2Fv3*2F__https*3A*2Fwiki.cabforum.org*2Fcscwg*2Fcsc_11_-_update_to_log_data_retention_requirements__*3B!!FJ-Y8qCqXTj2!OxtP9iVwcvkR2NB3D6_-cStNUlZ0jiRsvQI7kzZGF3vX8NFDtimB6Te0-iBFuXDSLg0*24%26data%3D04*7C01*7Cianmcm*40microsoft.com*7Ce3bd2ae0dce4468183c108d9737ae5b0*7C72f988bf86f141af91ab2d7cd011db47*7C0*7C0*7C637667794999582131*7CUnknown*7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0*3D*7C1000%26sdata%3DBJidr4YnWniggGmazUxO4cTwAuX0iHteFREqsQRzkoE*3D%26reserved%3D0__%3BJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUl!!FJ-Y8qCqXTj2!NWv1K7HGvAxUABiMxdfaCMe3GpkaaPtdGr0fmyfxRX1KGs0uZ0T8Jv4ZKzUoZrd49aU%24&data=04%7C01%7Cvijay%40emudhra.com%7C778b1edc5aaa4e1551de08d97faf2be0%7C11219a1f9e6240568ee2d013be03405f%7C0%7C0%7C637681212634704576%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=k56pm6OiOnKJAd8lWA8uFVcacE%2BNQp97ldfEOVeImSg%3D&reserved=0>

Purpose of this ballot:
Update the log data and retention of log data requirements in the Baseline Requirement for the Issuance and Management of Publicly-Trusted Code Signing Certificates v2.5. The following motion has been proposed by Ian McMillan of Microsoft, and endorsed by Dimitris Zacharopoulos (HARICA) and Bruce Morton (Entrust).

- MOTION BEGINS -

This ballot updates the “Baseline Requirements for the Issuance and Management of Publicly‐Trusted Code Signing Certificates“ version 2.5 according to the attached redline which includes:

  *   Update section 15 “Data Records” removing references to [SSL/TLS] Baseline Requirements for this section in totality
  *   Update section 15 “Data Records” to include sub-section 15.1 “Types of Events Recorded” and describing the requirements for CAs and Third Party Delegates while removing “Signing Services”
  *   Update section 15 “Data Records” to include sub-section 15.2 “Timestamp Authority Data Records”
  *   Update section 15.1 to clarify 4(f) for security event logging on Timestamp Authority servers
  *   Update section 15.1 on 4(d) for security event logging to no longer include “hardware failures”
  *   Update section 15 “Data Records” to include sub-section 15.3 “Data Retention Period for Audit Logs”
  *   Update section 15.2 to no longer reference Baseline Requirements section 5.4.3 and defined a specific retention period for CA, subscriber certificate, Timestamp Authority, and security event data records for at least 2 years

- MOTION ENDS -

The procedure for approval of this ballot is as follows:

Discussion (7 days)
Start Time: 2021-09-17, 19:00 Eastern Time (US)
End Time: not before 2021-09-24, 19:00 Eastern Time (US)

Vote for approval (7 days)
Start Time: 2021-09-24, 19:00 Eastern Time (US)
End Time: 2021-10-01, 19:00 Eastern Time (US)

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/cscwg-public/attachments/20210928/e9262324/attachment.html>