[Cscwg-public] [EXTERNAL] Voting Begins: Ballot CSC-11: Update to log data retention

Dimitris Zacharopoulos (HARICA) dzacharo at harica.gr
Tue Sep 28 15:56:17 UTC 2021



On 28/9/2021 6:53 μ.μ., Bruce Morton wrote:
>
> I am asking if CSC-11 can move forward as is OR do we have to take an 
> action to allow CSC-11 to get passed.
>

IMO *Ian must start the voting period* by sending the same e-mail 
(including the redline) and then r*eset the 7 days voting period*. We 
should be fine because we haven't passed the 21 days from last post of a 
draft. Members that already voted will have to re-vote.


Thanks,
Dimitris.



> *From:*Dimitris Zacharopoulos (HARICA) <dzacharo at harica.gr>
> *Sent:* Tuesday, September 28, 2021 11:51 AM
> *To:* Bruce Morton <Bruce.Morton at entrust.com>; cscwg-public at cabforum.org
> *Subject:* Re: [Cscwg-public] [EXTERNAL] Voting Begins: Ballot CSC-11: 
> Update to log data retention
>
> On 28/9/2021 6:46 μ.μ., Bruce Morton wrote:
>
>     Hi Dimitris,
>
>     Do we have any action for ballot CSC-11?
>
>
> I'm not sure what you mean.
>
> Are you asking what steps we should perform for CSC-11?
>
>
> Dimitris.
>
>
>     Bruce.
>
>     *From:*Cscwg-public <cscwg-public-bounces at cabforum.org>
>     <mailto:cscwg-public-bounces at cabforum.org> *On Behalf Of *Dimitris
>     Zacharopoulos (HARICA) via Cscwg-public
>     *Sent:* Tuesday, September 28, 2021 11:43 AM
>     *To:* Bruce Morton via Cscwg-public <cscwg-public at cabforum.org>
>     <mailto:cscwg-public at cabforum.org>
>     *Subject:* Re: [Cscwg-public] [EXTERNAL] Voting Begins: Ballot
>     CSC-11: Update to log data retention
>
>     Hi Bruce,
>
>     According to the Bylaws section 2.3 (3), it is possible for the
>     discussion period to be more than 7 days so the *proposer* of the
>     ballot must explicitly start the voting period which is for
>     exactly 7 days. I don't think Ian started the voting period.
>
>     /"Once no new version of the ballot has been posted for seven (7)
>     calendar days, *the proposer may end the discussion period and
>     start the voting period* by *reposting the final version of the
>     ballot* and clearly i*ndicating that voting is to begin*, along
>     with the start and end dates and times (including time zone) for
>     the voting period"/
>
>     Also, Ian's original email had a link to the wiki, which is not
>     publicly available (thus not acceptable according to the Bylaws),
>     but the redline that was attached met the requirements. This
>     redline needs to be re-sent when Ian starts the voting period.
>
>     I am highlighting this for future ballots so that if there is only
>     a pointer to a redline hosted at an external site, the link must
>     be pointing to a public and immutable redline.
>
>     Sorry for reporting this but it's best to do this right than
>     having challenges in the future.
>
>
>     Thanks,
>     Dimitris.
>
>
>     On 27/9/2021 3:11 μ.μ., Bruce Morton via Cscwg-public wrote:
>
>         Entrust votes Yes to ballot CSC-11.
>
>         Bruce.
>
>         *From:*Cscwg-public <cscwg-public-bounces at cabforum.org>
>         <mailto:cscwg-public-bounces at cabforum.org> *On Behalf Of *Ian
>         McMillan via Cscwg-public
>         *Sent:* Friday, September 24, 2021 7:01 PM
>         *To:* cscwg-public at cabforum.org <mailto:cscwg-public at cabforum.org>
>         *Subject:* [EXTERNAL] [Cscwg-public] Voting Begins: Ballot
>         CSC-11: Update to log data retention
>
>         WARNING: This email originated outside of Entrust.
>         DO NOT CLICK links or attachments unless you trust the sender
>         and know the content is safe.
>
>         ------------------------------------------------------------------------
>
>         *Ballot CSC-11: Update to log data retention requirements
>         <https://urldefense.com/v3/__https:/nam06.safelinks.protection.outlook.com/?url=https*3A*2F*2Furldefense.com*2Fv3*2F__https*3A*2Fnam06.safelinks.protection.outlook.com*2F*3Furl*3Dhttps*3A*2F*2Furldefense.com*2Fv3*2F__https*3A*2Fwiki.cabforum.org*2Fcscwg*2Fcsc_11_-_update_to_log_data_retention_requirements__*3B!!FJ-Y8qCqXTj2!OxtP9iVwcvkR2NB3D6_-cStNUlZ0jiRsvQI7kzZGF3vX8NFDtimB6Te0-iBFuXDSLg0*24*26data*3D04*7C01*7Cianmcm*40microsoft.com*7Ce3bd2ae0dce4468183c108d9737ae5b0*7C72f988bf86f141af91ab2d7cd011db47*7C0*7C0*7C637667794999582131*7CUnknown*7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0*3D*7C1000*26sdata*3DBJidr4YnWniggGmazUxO4cTwAuX0iHteFREqsQRzkoE*3D*26reserved*3D0__*3BJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUl!!FJ-Y8qCqXTj2!NWv1K7HGvAxUABiMxdfaCMe3GpkaaPtdGr0fmyfxRX1KGs0uZ0T8Jv4ZKzUoZrd49aU*24&data=04*7C01*7Cianmcm*40microsoft.com*7C01e89b1c05da47fcdfba08d97a2f1984*7C72f988bf86f141af91ab2d7cd011db47*7C0*7C0*7C637675165228324176*7CUnknown*7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0*3D*7C1000&sdata=dKwimRLyToP*2FcULHIYvxeB*2FMitrVOoTRe5ql7h4qZrA*3D&reserved=0__;JSUlJSUlJSUlJSoqKioqKioqKioqJSUqKioqKioqKioqKiolJSolJSUlJSUlJSUlJSUlJSUlJSUl!!FJ-Y8qCqXTj2!ITKna9KcfXc7HkRFu1gX_Sx3mUCs01wd3i8d3YDOWczknOMX4XiG3L1IFtkcvO3ZVyU$>*
>
>         Purpose of this ballot:
>
>         Update the log data and retention of log data requirements in
>         the Baseline Requirement for the Issuance and Management of
>         Publicly-Trusted Code Signing Certificates v2.5. The following
>         motion has been proposed by Ian McMillan of Microsoft, and
>         endorsed by Dimitris Zacharopoulos (HARICA) and Bruce Morton
>         (Entrust).
>
>         — MOTION BEGINS —
>
>         This ballot updates the “Baseline Requirements for the
>         Issuance and Management of Publicly‐Trusted Code Signing
>         Certificates“ version 2.5 according to the attached redline
>         which includes:
>
>          1. Update section 15 “Data Records” removing references to
>             [SSL/TLS] Baseline Requirements for this section in totality
>          2. Update section 15 “Data Records” to include sub-section
>             15.1 “Types of Events Recorded” and describing the
>             requirements for CAs and Third Party Delegates while
>             removing “Signing Services”
>          3. Update section 15 “Data Records” to include sub-section
>             15.2 “Timestamp Authority Data Records”
>          4. Update section 15.1 to clarify 4(f) for security event
>             logging on Timestamp Authority servers
>          5. Update section 15.1 on 4(d) for security event logging to
>             no longer include “hardware failures”
>          6. Update section 15 “Data Records” to include sub-section
>             15.3 “Data Retention Period for Audit Logs”
>          7. Update section 15.2 to no longer reference Baseline
>             Requirements section 5.4.3 and defined a specific
>             retention period for CA, subscriber certificate, Timestamp
>             Authority, and security event data records for at least 2
>             years
>
>         — MOTION ENDS —
>
>         The procedure for approval of this ballot is as follows:
>
>         Discussion (7 days)
>
>         Start Time: 2021-09-17, 19:00 Eastern Time (US)
>
>         End Time: not before 2021-09-24, 19:00 Eastern Time (US)
>
>         Vote for approval (7 days)
>
>         Start Time: 2021-09-24, 19:00 Eastern Time (US)
>
>         End Time: 2021-10-01, 19:00 Eastern Time (US)
>
>         /Any email and files/attachments transmitted with it are
>         confidential and are intended solely for the use of the
>         individual or entity to whom they are addressed. If this
>         message has been sent to you in error, you must not copy,
>         distribute or disclose of the information it contains. _Please
>         notify Entrust immediately_ and delete the message from your
>         system./
>
>
>         _______________________________________________
>
>         Cscwg-public mailing list
>
>         Cscwg-public at cabforum.org  <mailto:Cscwg-public at cabforum.org>
>
>         https://lists.cabforum.org/mailman/listinfo/cscwg-public  <https://urldefense.com/v3/__https:/lists.cabforum.org/mailman/listinfo/cscwg-public__;!!FJ-Y8qCqXTj2!PJmg5skWxQbnhRAgajjQ2jhsymvbkQayvI80P2QLBU1xLlSBDwpb9DloE__N3wRs_JM$>
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/cscwg-public/attachments/20210928/7e402ce5/attachment-0001.html>


More information about the Cscwg-public mailing list