[Servercert-wg] Pre-discussion: SC38 - Alignment of Record Archival

Neil Dunbar ndunbar at trustcorsystems.com
Thu Nov 12 10:37:54 MST 2020


At the F2F, I noted that proposed ballots from NetSec would reach out to 
SCWG earlier to see if the wider group had observations which we in 
NetSec might have overlooked. This is the first of such reaching out.

When we proposed SC28, we didn't update BR 5.5.2 [Retention period for 
archive] to match the (object lifetime + 2 years) retention which 
applies to the audit log.

SC38 attempts to remedy this via changing that seven-year retention 
period down to two, consonant with Section 5.4.

The wiki has the proposed ballot: 

I'd appreciate any input on this. I know that some CAs treat audit log 
and archive differently, whereas some (most?) conflate the treatment of 
such data. Does the reduction to 2 years after the end of validity of 
any certificate seem like it causes undesirable risk for archive versus 
audit log?


