[Cscwg-public] [EXTERNAL] Voting Begins: Ballot CSC-11: Update to log data retention

Dimitris Zacharopoulos (HARICA) dzacharo at harica.gr
Tue Sep 28 16:35:12 UTC 2021


Bruce,

This is the second time my mail is blocking an email so I missed it :( 
Next time I will check the archive to be sure!

No worries, the voting for CSC-11 is just fine.


Thanks,
Dimitris.

On 28/9/2021 6:59 μ.μ., Bruce Morton wrote:
>
> Hi Dimitris,
>
> Ian sent out the attached email for voting to begin an attached the 
> redline within the email. I thought that this email was sufficient to 
> start the voting period.
>
> Bruce.
>
> *From:*Dimitris Zacharopoulos (HARICA) <dzacharo at harica.gr>
> *Sent:* Tuesday, September 28, 2021 11:56 AM
> *To:* Bruce Morton <Bruce.Morton at entrust.com>; cscwg-public at cabforum.org
> *Subject:* Re: [Cscwg-public] [EXTERNAL] Voting Begins: Ballot CSC-11: 
> Update to log data retention
>
> On 28/9/2021 6:53 μ.μ., Bruce Morton wrote:
>
>     I am asking if CSC-11 can move forward as is OR do we have to take
>     an action to allow CSC-11 to get passed.
>
>
> IMO *Ian must start the voting period* by sending the same e-mail 
> (including the redline) and then r*eset the 7 days voting period*. We 
> should be fine because we haven't passed the 21 days from last post of 
> a draft. Members that already voted will have to re-vote.
>
>
> Thanks,
> Dimitris.
>
>
>
>
>     *From:*Dimitris Zacharopoulos (HARICA) <dzacharo at harica.gr>
>     <mailto:dzacharo at harica.gr>
>     *Sent:* Tuesday, September 28, 2021 11:51 AM
>     *To:* Bruce Morton <Bruce.Morton at entrust.com>
>     <mailto:Bruce.Morton at entrust.com>; cscwg-public at cabforum.org
>     <mailto:cscwg-public at cabforum.org>
>     *Subject:* Re: [Cscwg-public] [EXTERNAL] Voting Begins: Ballot
>     CSC-11: Update to log data retention
>
>     On 28/9/2021 6:46 μ.μ., Bruce Morton wrote:
>
>         Hi Dimitris,
>
>         Do we have any action for ballot CSC-11?
>
>
>     I'm not sure what you mean.
>
>     Are you asking what steps we should perform for CSC-11?
>
>
>     Dimitris.
>
>
>
>         Bruce.
>
>         *From:*Cscwg-public <cscwg-public-bounces at cabforum.org>
>         <mailto:cscwg-public-bounces at cabforum.org> *On Behalf Of
>         *Dimitris Zacharopoulos (HARICA) via Cscwg-public
>         *Sent:* Tuesday, September 28, 2021 11:43 AM
>         *To:* Bruce Morton via Cscwg-public
>         <cscwg-public at cabforum.org> <mailto:cscwg-public at cabforum.org>
>         *Subject:* Re: [Cscwg-public] [EXTERNAL] Voting Begins: Ballot
>         CSC-11: Update to log data retention
>
>         Hi Bruce,
>
>         According to the Bylaws section 2.3 (3), it is possible for
>         the discussion period to be more than 7 days so the *proposer*
>         of the ballot must explicitly start the voting period which is
>         for exactly 7 days. I don't think Ian started the voting period.
>
>         /"Once no new version of the ballot has been posted for seven
>         (7) calendar days, *the proposer may end the discussion period
>         and start the voting period* by *reposting the final version
>         of the ballot* and clearly i*ndicating that voting is to
>         begin*, along with the start and end dates and times
>         (including time zone) for the voting period"/
>
>         Also, Ian's original email had a link to the wiki, which is
>         not publicly available (thus not acceptable according to the
>         Bylaws), but the redline that was attached met the
>         requirements. This redline needs to be re-sent when Ian starts
>         the voting period.
>
>         I am highlighting this for future ballots so that if there is
>         only a pointer to a redline hosted at an external site, the
>         link must be pointing to a public and immutable redline.
>
>         Sorry for reporting this but it's best to do this right than
>         having challenges in the future.
>
>
>         Thanks,
>         Dimitris.
>
>
>
>         On 27/9/2021 3:11 μ.μ., Bruce Morton via Cscwg-public wrote:
>
>             Entrust votes Yes to ballot CSC-11.
>
>             Bruce.
>
>             *From:*Cscwg-public <cscwg-public-bounces at cabforum.org>
>             <mailto:cscwg-public-bounces at cabforum.org> *On Behalf Of
>             *Ian McMillan via Cscwg-public
>             *Sent:* Friday, September 24, 2021 7:01 PM
>             *To:* cscwg-public at cabforum.org
>             <mailto:cscwg-public at cabforum.org>
>             *Subject:* [EXTERNAL] [Cscwg-public] Voting Begins: Ballot
>             CSC-11: Update to log data retention
>
>             WARNING: This email originated outside of Entrust.
>             DO NOT CLICK links or attachments unless you trust the
>             sender and know the content is safe.
>
>             ------------------------------------------------------------------------
>
>             *Ballot CSC-11: Update to log data retention requirements
>             <https://urldefense.com/v3/__https:/nam06.safelinks.protection.outlook.com/?url=https*3A*2F*2Furldefense.com*2Fv3*2F__https*3A*2Fnam06.safelinks.protection.outlook.com*2F*3Furl*3Dhttps*3A*2F*2Furldefense.com*2Fv3*2F__https*3A*2Fwiki.cabforum.org*2Fcscwg*2Fcsc_11_-_update_to_log_data_retention_requirements__*3B!!FJ-Y8qCqXTj2!OxtP9iVwcvkR2NB3D6_-cStNUlZ0jiRsvQI7kzZGF3vX8NFDtimB6Te0-iBFuXDSLg0*24*26data*3D04*7C01*7Cianmcm*40microsoft.com*7Ce3bd2ae0dce4468183c108d9737ae5b0*7C72f988bf86f141af91ab2d7cd011db47*7C0*7C0*7C637667794999582131*7CUnknown*7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0*3D*7C1000*26sdata*3DBJidr4YnWniggGmazUxO4cTwAuX0iHteFREqsQRzkoE*3D*26reserved*3D0__*3BJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUl!!FJ-Y8qCqXTj2!NWv1K7HGvAxUABiMxdfaCMe3GpkaaPtdGr0fmyfxRX1KGs0uZ0T8Jv4ZKzUoZrd49aU*24&data=04*7C01*7Cianmcm*40microsoft.com*7C01e89b1c05da47fcdfba08d97a2f1984*7C72f988bf86f141af91ab2d7cd011db47*7C0*7C0*7C637675165228324176*7CUnknown*7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0*3D*7C1000&sdata=dKwimRLyToP*2FcULHIYvxeB*2FMitrVOoTRe5ql7h4qZrA*3D&reserved=0__;JSUlJSUlJSUlJSoqKioqKioqKioqJSUqKioqKioqKioqKiolJSolJSUlJSUlJSUlJSUlJSUlJSUl!!FJ-Y8qCqXTj2!ITKna9KcfXc7HkRFu1gX_Sx3mUCs01wd3i8d3YDOWczknOMX4XiG3L1IFtkcvO3ZVyU$>*
>
>             Purpose of this ballot:
>
>             Update the log data and retention of log data requirements
>             in the Baseline Requirement for the Issuance and
>             Management of Publicly-Trusted Code Signing Certificates
>             v2.5. The following motion has been proposed by Ian
>             McMillan of Microsoft, and endorsed by Dimitris
>             Zacharopoulos (HARICA) and Bruce Morton (Entrust).
>
>             — MOTION BEGINS —
>
>             This ballot updates the “Baseline Requirements for the
>             Issuance and Management of Publicly‐Trusted Code Signing
>             Certificates“ version 2.5 according to the attached
>             redline which includes:
>
>              1. Update section 15 “Data Records” removing references
>                 to [SSL/TLS] Baseline Requirements for this section in
>                 totality
>              2. Update section 15 “Data Records” to include
>                 sub-section 15.1 “Types of Events Recorded” and
>                 describing the requirements for CAs and Third Party
>                 Delegates while removing “Signing Services”
>              3. Update section 15 “Data Records” to include
>                 sub-section 15.2 “Timestamp Authority Data Records”
>              4. Update section 15.1 to clarify 4(f) for security event
>                 logging on Timestamp Authority servers
>              5. Update section 15.1 on 4(d) for security event logging
>                 to no longer include “hardware failures”
>              6. Update section 15 “Data Records” to include
>                 sub-section 15.3 “Data Retention Period for Audit Logs”
>              7. Update section 15.2 to no longer reference Baseline
>                 Requirements section 5.4.3 and defined a specific
>                 retention period for CA, subscriber certificate,
>                 Timestamp Authority, and security event data records
>                 for at least 2 years
>
>             — MOTION ENDS —
>
>             The procedure for approval of this ballot is as follows:
>
>             Discussion (7 days)
>
>             Start Time: 2021-09-17, 19:00 Eastern Time (US)
>
>             End Time: not before 2021-09-24, 19:00 Eastern Time (US)
>
>             Vote for approval (7 days)
>
>             Start Time: 2021-09-24, 19:00 Eastern Time (US)
>
>             End Time: 2021-10-01, 19:00 Eastern Time (US)
>
>             /Any email and files/attachments transmitted with it are
>             confidential and are intended solely for the use of the
>             individual or entity to whom they are addressed. If this
>             message has been sent to you in error, you must not copy,
>             distribute or disclose of the information it contains.
>             _Please notify Entrust immediately_ and delete the message
>             from your system./
>
>
>
>             _______________________________________________
>
>             Cscwg-public mailing list
>
>             Cscwg-public at cabforum.org  <mailto:Cscwg-public at cabforum.org>
>
>             https://lists.cabforum.org/mailman/listinfo/cscwg-public  <https://urldefense.com/v3/__https:/lists.cabforum.org/mailman/listinfo/cscwg-public__;!!FJ-Y8qCqXTj2!PJmg5skWxQbnhRAgajjQ2jhsymvbkQayvI80P2QLBU1xLlSBDwpb9DloE__N3wRs_JM$>
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/cscwg-public/attachments/20210928/6009b573/attachment-0001.html>


More information about the Cscwg-public mailing list