[Cscwg-public] Voting Begins: Ballot CSC-11: Update to log data retention

Corey Bonnell Corey.Bonnell at digicert.com
Thu Sep 30 17:51:17 UTC 2021


DigiCert votes YES to Ballot CSC-11.



Thanks,

Corey



From: Cscwg-public <cscwg-public-bounces at cabforum.org> On Behalf Of Ian
McMillan via Cscwg-public
Sent: Friday, September 24, 2021 7:01 PM
To: cscwg-public at cabforum.org
Subject: [Cscwg-public] Voting Begins: Ballot CSC-11: Update to log data
retention





Ballot CSC-11: Update to log data retention requirements



Purpose of this ballot:

Update the log data and retention of log data requirements in the Baseline
Requirement for the Issuance and Management of Publicly-Trusted Code Signing
Certificates v2.5. The following motion has been proposed by Ian McMillan of
Microsoft, and endorsed by Dimitris Zacharopoulos (HARICA) and Bruce Morton
(Entrust).



- MOTION BEGINS -



This ballot updates the “Baseline Requirements for the Issuance and
Management of Publicly‐Trusted Code Signing Certificates“ version 2.5
according to the attached redline which includes:



*	Update section 15 “Data Records” removing references to [SSL/TLS]
Baseline Requirements for this section in totality
*	Update section 15 “Data Records” to include sub-section 15.1
“Types of Events Recorded” and describing the requirements for CAs and
Third Party Delegates while removing “Signing Services”
*	Update section 15 “Data Records” to include sub-section 15.2
“Timestamp Authority Data Records”
*	Update section 15.1 to clarify 4(f) for security event logging on
Timestamp Authority servers
*	Update section 15.1 on 4(d) for security event logging to no longer
include “hardware failures”
*	Update section 15 “Data Records” to include sub-section 15.3
“Data Retention Period for Audit Logs”
*	Update section 15.2 to no longer reference Baseline Requirements
section 5.4.3 and defined a specific retention period for CA, subscriber
certificate, Timestamp Authority, and security event data records for at
least 2 years



- MOTION ENDS -



The procedure for approval of this ballot is as follows:



Discussion (7 days)

Start Time: 2021-09-17, 19:00 Eastern Time (US)

End Time: not before 2021-09-24, 19:00 Eastern Time (US)



Vote for approval (7 days)

Start Time: 2021-09-24, 19:00 Eastern Time (US)

End Time: 2021-10-01, 19:00 Eastern Time (US)





-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/cscwg-public/attachments/20210930/840310bd/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4990 bytes
Desc: not available
URL: <http://lists.cabforum.org/pipermail/cscwg-public/attachments/20210930/840310bd/attachment-0001.p7s>


More information about the Cscwg-public mailing list