[Servercert-wg] Discussion Period Begins on Ballot SC51: Reduce and Clarify Audit Log and Records Archival Retention Requirements

Aaron Gable aaron at letsencrypt.org
Thu Feb 17 01:45:53 UTC 2022

Thank you for all of the back-and-forth refining the language in the
previous discussion period. I think this version looks good.


On Fri, Feb 11, 2022 at 12:56 PM Clint Wilson via Servercert-wg <
servercert-wg at cabforum.org> wrote:

> This email begins (again) the discussion period for Ballot SC51: Reduce
> and Clarify Audit Log and Records Archival Retention Requirements
>
> BALLOT SC51: Reduce and Clarify Audit Log and Records Archival Retention
> Requirements
>
> The purpose of this ballot is to consolidate and clarify aspects of audit
> log and records archival retention expectations and time-periods within
> 5.5.2.
>
> Foremost, this ballot reduces retention periods for records archival to 2
> years.
>
> Further, currently audit log events as outlined in section 5.4.1, and then
> referenced in 5.4.3 lead to confusion around the log retention that is
> defined and exclusive to each section, and how that retention feeds into
> records archival requirements. To further clarify the objectives of that
> interaction, an explicit requirement has been introduced in 5.5.1 stating
> that CAs must archive lifecycle event records.
>
> As minor adjustments to related requirements, this ballot also clarifies
> what is expected by the term “OCSP Entries” as a logged lifecycle event; as
> OCSP Entry is an undefined term, this was replaced with OCSP Response such
> that it should be clear that a CA will be logging the event of signing an
> OCSP Response (including the elements stipulated in 5.4.1). Similarly, some
> certificate lifecycle events expected to be retained are currently
> separated into 5.5.2; these have been incorporated into 5.4.1 instead. This
> ballot also explicitly calls out the need for delegated third parties to
> abide by the established retention periods for audit logging and records
> archival procedures.
>
> This ballot also formalizes incorporation of terms defined in the NCSSRs
> as also applying to the BRs.
>
> The following motion has been proposed by Clint Wilson of Apple and
> endorsed by Trevoli Ponds-White of Amazon and Dustin Hollenback of
> Microsoft.
>
> -----Motion Begins-----
>
> This ballot modifies the “Baseline Requirements for the Issuance and
> Management of Publicly-Trusted Certificates” as defined in the following
> redline, based on Version 1.8.1:
> https://github.com/cabforum/servercert/compare/65e80e07855ecc1d2264c040ecc7d398f997d2c5...2281a6c78692c3444db9a162df4ff217014b9f1f
>
> -----Motion Ends-----
>
> This ballot proposes a Final Maintenance Guideline. The procedure for
> approval of this ballot is as follows:
>
> Discussion (7+ days)
> Start Time: February 11 2022 21:00 UTC
> End Time: February 18 2022 21:00 UTC
>
> Vote for approval (7 days)
> Start Time: TBD
> End Time: TBD