[Servercert-wg] Pre-discussion: SC38 - Alignment of Record Archival
ndunbar at trustcorsystems.com
Thu Nov 12 10:37:54 MST 2020
At the F2F, I noted that proposed ballots from NetSec would reach out to
SCWG earlier to see if the wider group had observations which we in
NetSec might have overlooked. This is the first of such reaching out.
When we proposed SC28, we didn't update BR 5.5.2 [Retention period for
archive] to match the (object lifetime + 2 years) retention which
applies to the audit log.
SC38 attempts to remedy this via changing that seven year retention
period down to two, consonant with Section 5.4.
The wiki has the proposed ballot:
I'd appreciate any input on this. I know that some CAs treat audit log
and archive differently, whereas some (most?) conflate the treatment of
such data. Does the reduction to 2 years after the end of validity of
any certificate seem like it causes undesirable risk for archive versus
More information about the Servercert-wg