[Cscwg-public] Voting Begins: Ballot CSC-11: Update to log data retention

Wojciech Trapczyński wtrapczynski at certum.pl
Thu Sep 30 09:06:58 UTC 2021 

Certum votes yes on Ballot CSC-11.

W dniu 25.09.2021 o 01:00, Ian McMillan via Cscwg-public pisze:
> *Ballot CSC-11: Update to log data retention requirements 
> 
> Purpose of this ballot:
> 
> Update the log data and retention of log data requirements in the 
> Baseline Requirement for the Issuance and Management of Publicly-Trusted 
> Code Signing Certificates v2.5. The following motion has been proposed 
> by Ian McMillan of Microsoft, and endorsed by Dimitris Zacharopoulos 
> (HARICA) and Bruce Morton (Entrust).
> 
> — MOTION BEGINS —
> 
> This ballot updates the “Baseline Requirements for the Issuance and 
> Management of Publicly‐Trusted Code Signing Certificates“ version 2.5 
> according to the attached redline which includes:
> 
>   * Update section 15 “Data Records” removing references to [SSL/TLS]
>     Baseline Requirements for this section in totality
>   * Update section 15 “Data Records” to include sub-section 15.1 “Types
>     of Events Recorded” and describing the requirements for CAs and
>     Third Party Delegates while removing “Signing Services”
>   * Update section 15 “Data Records” to include sub-section 15.2
>     “Timestamp Authority Data Records”
>   * Update section 15.1 to clarify 4(f) for security event logging on
>     Timestamp Authority servers
>   * Update section 15.1 on 4(d) for security event logging to no longer
>     include “hardware failures”
>   * Update section 15 “Data Records” to include sub-section 15.3 “Data
>     Retention Period for Audit Logs”
>   * Update section 15.2 to no longer reference Baseline Requirements
>     section 5.4.3 and defined a specific retention period for CA,
>     subscriber certificate, Timestamp Authority, and security event data
>     records for at least 2 years
> 
> — MOTION ENDS —
> 
> The procedure for approval of this ballot is as follows:
> 
> Discussion (7 days)
> 
> Start Time: 2021-09-17, 19:00 Eastern Time (US)
> 
> End Time: not before 2021-09-24, 19:00 Eastern Time (US)
> 
> Vote for approval (7 days)
> 
> Start Time: 2021-09-24, 19:00 Eastern Time (US)
> 
> End Time: 2021-10-01, 19:00 Eastern Time (US)
> 
> 
> _______________________________________________
> Cscwg-public mailing list
> Cscwg-public at cabforum.org
> https://lists.cabforum.org/mailman/listinfo/cscwg-public
> 


-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3765 bytes
Desc: Kryptograficzna sygnatura S/MIME
URL: <http://lists.cabforum.org/pipermail/cscwg-public/attachments/20210930/e05d032f/attachment.p7s>

More information about the Cscwg-public mailing list