[Cscwg-public] [EXTERNAL] Voting Begins: Ballot CSC-11: Update to log data retention

Dimitris Zacharopoulos (HARICA) dzacharo at harica.gr
Tue Sep 28 16:35:55 UTC 2021 

HARICA votes "yes" to CSC-11



On 27/9/2021 3:11 μ.μ., Bruce Morton via Cscwg-public wrote:
>
> Entrust votes Yes to ballot CSC-11.
>
> Bruce.
>
> *From:*Cscwg-public <cscwg-public-bounces at cabforum.org> *On Behalf Of 
> *Ian McMillan via Cscwg-public
> *Sent:* Friday, September 24, 2021 7:01 PM
> *To:* cscwg-public at cabforum.org
> *Subject:* [EXTERNAL] [Cscwg-public] Voting Begins: Ballot CSC-11: 
> Update to log data retention
>
> WARNING: This email originated outside of Entrust.
> DO NOT CLICK links or attachments unless you trust the sender and know 
> the content is safe.
>
> ------------------------------------------------------------------------
>
> *Ballot CSC-11: Update to log data retention requirements 
> <https://urldefense.com/v3/__https:/nam06.safelinks.protection.outlook.com/?url=https*3A*2F*2Furldefense.com*2Fv3*2F__https*3A*2Fnam06.safelinks.protection.outlook.com*2F*3Furl*3Dhttps*3A*2F*2Furldefense.com*2Fv3*2F__https*3A*2Fwiki.cabforum.org*2Fcscwg*2Fcsc_11_-_update_to_log_data_retention_requirements__*3B!!FJ-Y8qCqXTj2!OxtP9iVwcvkR2NB3D6_-cStNUlZ0jiRsvQI7kzZGF3vX8NFDtimB6Te0-iBFuXDSLg0*24*26data*3D04*7C01*7Cianmcm*40microsoft.com*7Ce3bd2ae0dce4468183c108d9737ae5b0*7C72f988bf86f141af91ab2d7cd011db47*7C0*7C0*7C637667794999582131*7CUnknown*7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0*3D*7C1000*26sdata*3DBJidr4YnWniggGmazUxO4cTwAuX0iHteFREqsQRzkoE*3D*26reserved*3D0__*3BJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUl!!FJ-Y8qCqXTj2!NWv1K7HGvAxUABiMxdfaCMe3GpkaaPtdGr0fmyfxRX1KGs0uZ0T8Jv4ZKzUoZrd49aU*24&data=04*7C01*7Cianmcm*40microsoft.com*7C01e89b1c05da47fcdfba08d97a2f1984*7C72f988bf86f141af91ab2d7cd011db47*7C0*7C0*7C637675165228324176*7CUnknown*7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0*3D*7C1000&sdata=dKwimRLyToP*2FcULHIYvxeB*2FMitrVOoTRe5ql7h4qZrA*3D&reserved=0__;JSUlJSUlJSUlJSoqKioqKioqKioqJSUqKioqKioqKioqKiolJSolJSUlJSUlJSUlJSUlJSUlJSUl!!FJ-Y8qCqXTj2!ITKna9KcfXc7HkRFu1gX_Sx3mUCs01wd3i8d3YDOWczknOMX4XiG3L1IFtkcvO3ZVyU$>*
>
> Purpose of this ballot:
>
> Update the log data and retention of log data requirements in the 
> Baseline Requirement for the Issuance and Management of 
> Publicly-Trusted Code Signing Certificates v2.5. The following motion 
> has been proposed by Ian McMillan of Microsoft, and endorsed by 
> Dimitris Zacharopoulos (HARICA) and Bruce Morton (Entrust).
>
> — MOTION BEGINS —
>
> This ballot updates the “Baseline Requirements for the Issuance and 
> Management of Publicly‐Trusted Code Signing Certificates“ version 2.5 
> according to the attached redline which includes:
>
>   * Update section 15 “Data Records” removing references to [SSL/TLS]
>     Baseline Requirements for this section in totality
>   * Update section 15 “Data Records” to include sub-section 15.1
>     “Types of Events Recorded” and describing the requirements for CAs
>     and Third Party Delegates while removing “Signing Services”
>   * Update section 15 “Data Records” to include sub-section 15.2
>     “Timestamp Authority Data Records”
>   * Update section 15.1 to clarify 4(f) for security event logging on
>     Timestamp Authority servers
>   * Update section 15.1 on 4(d) for security event logging to no
>     longer include “hardware failures”
>   * Update section 15 “Data Records” to include sub-section 15.3 “Data
>     Retention Period for Audit Logs”
>   * Update section 15.2 to no longer reference Baseline Requirements
>     section 5.4.3 and defined a specific retention period for CA,
>     subscriber certificate, Timestamp Authority, and security event
>     data records for at least 2 years
>
> — MOTION ENDS —
>
> The procedure for approval of this ballot is as follows:
>
> Discussion (7 days)
>
> Start Time: 2021-09-17, 19:00 Eastern Time (US)
>
> End Time: not before 2021-09-24, 19:00 Eastern Time (US)
>
> Vote for approval (7 days)
>
> Start Time: 2021-09-24, 19:00 Eastern Time (US)
>
> End Time: 2021-10-01, 19:00 Eastern Time (US)
>
> /Any email and files/attachments transmitted with it are confidential 
> and are intended solely for the use of the individual or entity to 
> whom they are addressed. If this message has been sent to you in 
> error, you must not copy, distribute or disclose of the information it 
> contains. _Please notify Entrust immediately_ and delete the message 
> from your system./
>
> _______________________________________________
> Cscwg-public mailing list
> Cscwg-public at cabforum.org
> https://lists.cabforum.org/mailman/listinfo/cscwg-public

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/cscwg-public/attachments/20210928/eda65112/attachment.html>

More information about the Cscwg-public mailing list