[Cscwg-public] [EXTERNAL] Voting Begins: Ballot CSC-11: Update to log data retention
Dimitris Zacharopoulos (HARICA)
dzacharo at harica.gr
Tue Sep 28 15:56:17 UTC 2021
On 28/9/2021 6:53 μ.μ., Bruce Morton wrote:
>
> I am asking if CSC-11 can move forward as is OR do we have to take an
> action to allow CSC-11 to get passed.
>
IMO *Ian must start the voting period* by sending the same e-mail
(including the redline) and then r*eset the 7 days voting period*. We
should be fine because we haven't passed the 21 days from last post of a
draft. Members that already voted will have to re-vote.
Thanks,
Dimitris.
> *From:*Dimitris Zacharopoulos (HARICA) <dzacharo at harica.gr>
> *Sent:* Tuesday, September 28, 2021 11:51 AM
> *To:* Bruce Morton <Bruce.Morton at entrust.com>; cscwg-public at cabforum.org
> *Subject:* Re: [Cscwg-public] [EXTERNAL] Voting Begins: Ballot CSC-11:
> Update to log data retention
>
> On 28/9/2021 6:46 μ.μ., Bruce Morton wrote:
>
> Hi Dimitris,
>
> Do we have any action for ballot CSC-11?
>
>
> I'm not sure what you mean.
>
> Are you asking what steps we should perform for CSC-11?
>
>
> Dimitris.
>
>
> Bruce.
>
> *From:*Cscwg-public <cscwg-public-bounces at cabforum.org>
> <mailto:cscwg-public-bounces at cabforum.org> *On Behalf Of *Dimitris
> Zacharopoulos (HARICA) via Cscwg-public
> *Sent:* Tuesday, September 28, 2021 11:43 AM
> *To:* Bruce Morton via Cscwg-public <cscwg-public at cabforum.org>
> <mailto:cscwg-public at cabforum.org>
> *Subject:* Re: [Cscwg-public] [EXTERNAL] Voting Begins: Ballot
> CSC-11: Update to log data retention
>
> Hi Bruce,
>
> According to the Bylaws section 2.3 (3), it is possible for the
> discussion period to be more than 7 days so the *proposer* of the
> ballot must explicitly start the voting period which is for
> exactly 7 days. I don't think Ian started the voting period.
>
> /"Once no new version of the ballot has been posted for seven (7)
> calendar days, *the proposer may end the discussion period and
> start the voting period* by *reposting the final version of the
> ballot* and clearly i*ndicating that voting is to begin*, along
> with the start and end dates and times (including time zone) for
> the voting period"/
>
> Also, Ian's original email had a link to the wiki, which is not
> publicly available (thus not acceptable according to the Bylaws),
> but the redline that was attached met the requirements. This
> redline needs to be re-sent when Ian starts the voting period.
>
> I am highlighting this for future ballots so that if there is only
> a pointer to a redline hosted at an external site, the link must
> be pointing to a public and immutable redline.
>
> Sorry for reporting this but it's best to do this right than
> having challenges in the future.
>
>
> Thanks,
> Dimitris.
>
>
> On 27/9/2021 3:11 μ.μ., Bruce Morton via Cscwg-public wrote:
>
> Entrust votes Yes to ballot CSC-11.
>
> Bruce.
>
> *From:*Cscwg-public <cscwg-public-bounces at cabforum.org>
> <mailto:cscwg-public-bounces at cabforum.org> *On Behalf Of *Ian
> McMillan via Cscwg-public
> *Sent:* Friday, September 24, 2021 7:01 PM
> *To:* cscwg-public at cabforum.org <mailto:cscwg-public at cabforum.org>
> *Subject:* [EXTERNAL] [Cscwg-public] Voting Begins: Ballot
> CSC-11: Update to log data retention
>
> WARNING: This email originated outside of Entrust.
> DO NOT CLICK links or attachments unless you trust the sender
> and know the content is safe.
>
> ------------------------------------------------------------------------
>
> *Ballot CSC-11: Update to log data retention requirements
> <https://urldefense.com/v3/__https:/nam06.safelinks.protection.outlook.com/?url=https*3A*2F*2Furldefense.com*2Fv3*2F__https*3A*2Fnam06.safelinks.protection.outlook.com*2F*3Furl*3Dhttps*3A*2F*2Furldefense.com*2Fv3*2F__https*3A*2Fwiki.cabforum.org*2Fcscwg*2Fcsc_11_-_update_to_log_data_retention_requirements__*3B!!FJ-Y8qCqXTj2!OxtP9iVwcvkR2NB3D6_-cStNUlZ0jiRsvQI7kzZGF3vX8NFDtimB6Te0-iBFuXDSLg0*24*26data*3D04*7C01*7Cianmcm*40microsoft.com*7Ce3bd2ae0dce4468183c108d9737ae5b0*7C72f988bf86f141af91ab2d7cd011db47*7C0*7C0*7C637667794999582131*7CUnknown*7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0*3D*7C1000*26sdata*3DBJidr4YnWniggGmazUxO4cTwAuX0iHteFREqsQRzkoE*3D*26reserved*3D0__*3BJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUl!!FJ-Y8qCqXTj2!NWv1K7HGvAxUABiMxdfaCMe3GpkaaPtdGr0fmyfxRX1KGs0uZ0T8Jv4ZKzUoZrd49aU*24&data=04*7C01*7Cianmcm*40microsoft.com*7C01e89b1c05da47fcdfba08d97a2f1984*7C72f988bf86f141af91ab2d7cd011db47*7C0*7C0*7C637675165228324176*7CUnknown*7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0*3D*7C1000&sdata=dKwimRLyToP*2FcULHIYvxeB*2FMitrVOoTRe5ql7h4qZrA*3D&reserved=0__;JSUlJSUlJSUlJSoqKioqKioqKioqJSUqKioqKioqKioqKiolJSolJSUlJSUlJSUlJSUlJSUlJSUl!!FJ-Y8qCqXTj2!ITKna9KcfXc7HkRFu1gX_Sx3mUCs01wd3i8d3YDOWczknOMX4XiG3L1IFtkcvO3ZVyU$>*
>
> Purpose of this ballot:
>
> Update the log data and retention of log data requirements in
> the Baseline Requirement for the Issuance and Management of
> Publicly-Trusted Code Signing Certificates v2.5. The following
> motion has been proposed by Ian McMillan of Microsoft, and
> endorsed by Dimitris Zacharopoulos (HARICA) and Bruce Morton
> (Entrust).
>
> — MOTION BEGINS —
>
> This ballot updates the “Baseline Requirements for the
> Issuance and Management of Publicly‐Trusted Code Signing
> Certificates“ version 2.5 according to the attached redline
> which includes:
>
> 1. Update section 15 “Data Records” removing references to
> [SSL/TLS] Baseline Requirements for this section in totality
> 2. Update section 15 “Data Records” to include sub-section
> 15.1 “Types of Events Recorded” and describing the
> requirements for CAs and Third Party Delegates while
> removing “Signing Services”
> 3. Update section 15 “Data Records” to include sub-section
> 15.2 “Timestamp Authority Data Records”
> 4. Update section 15.1 to clarify 4(f) for security event
> logging on Timestamp Authority servers
> 5. Update section 15.1 on 4(d) for security event logging to
> no longer include “hardware failures”
> 6. Update section 15 “Data Records” to include sub-section
> 15.3 “Data Retention Period for Audit Logs”
> 7. Update section 15.2 to no longer reference Baseline
> Requirements section 5.4.3 and defined a specific
> retention period for CA, subscriber certificate, Timestamp
> Authority, and security event data records for at least 2
> years
>
> — MOTION ENDS —
>
> The procedure for approval of this ballot is as follows:
>
> Discussion (7 days)
>
> Start Time: 2021-09-17, 19:00 Eastern Time (US)
>
> End Time: not before 2021-09-24, 19:00 Eastern Time (US)
>
> Vote for approval (7 days)
>
> Start Time: 2021-09-24, 19:00 Eastern Time (US)
>
> End Time: 2021-10-01, 19:00 Eastern Time (US)
>
> /Any email and files/attachments transmitted with it are
> confidential and are intended solely for the use of the
> individual or entity to whom they are addressed. If this
> message has been sent to you in error, you must not copy,
> distribute or disclose of the information it contains. _Please
> notify Entrust immediately_ and delete the message from your
> system./
>
>
> _______________________________________________
>
> Cscwg-public mailing list
>
> Cscwg-public at cabforum.org <mailto:Cscwg-public at cabforum.org>
>
> https://lists.cabforum.org/mailman/listinfo/cscwg-public <https://urldefense.com/v3/__https:/lists.cabforum.org/mailman/listinfo/cscwg-public__;!!FJ-Y8qCqXTj2!PJmg5skWxQbnhRAgajjQ2jhsymvbkQayvI80P2QLBU1xLlSBDwpb9DloE__N3wRs_JM$>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/cscwg-public/attachments/20210928/7e402ce5/attachment-0001.html>
More information about the Cscwg-public
mailing list