[Servercert-wg] Voting period for Ballot SC51: Reduce and Clarify Audit Log and Records Archival Retention Requirements

Wojciech Trapczyński wtrapczynski at certum.pl
Fri Feb 25 12:23:12 UTC 2022


Certum votes YES on ballot SC51.

On 18/02/2022 23:01, Clint Wilson via Servercert-wg wrote:
> This email begins the Voting period for Ballot SC51: Reduce and 
> Clarify Audit Log and Records Archival Retention Requirements
>
> BALLOT SC51: Reduce and Clarify Audit Log and Records Archival 
> Retention Requirements
>
> PURPOSE OF BALLOT
>
> The purpose of this ballot is to consolidate and clarify aspects of 
> audit log and records archival retention expectations and time-periods 
> within 5.5.2.
>
> Foremost, this ballot reduces retention periods for records archival 
> to 2 years.
> Further, currently audit log events as outlined in section 5.4.1, and 
> then referenced in 5.4.3 lead to confusion around the log retention 
> that is defined and exclusive to each section, and how that retention 
> feeds into records archival requirements. To further clarify the 
> objectives of that interaction, an explicit requirement has been 
> introduced in 5.5.1 stating that CAs must archive lifecycle event records.
>
> As minor adjustments to related requirements, this ballot also 
> clarifies what is expected by the term “OCSP Entries” as a logged 
> lifecycle event; as OCSP Entry is an undefined term, this was replaced 
> with OCSP Response such that it should be clear that a CA will be 
> logging the event of signing an OCSP Response (including the elements 
> stipulated in 5.4.1). Similarly, some certificate lifecycle events 
> expected to be retained are currently separated into 5.5.2; these have 
> been incorporated into 5.4.1 instead. This ballot also explicitly 
> calls out the need for delegated third parties to abide by the 
> established retention periods for audit logging and records archival 
> procedures.
> This ballot also formalizes incorporation of terms defined in the 
> NCSSRs as also applying to the BRs.
>
> MOTION
>
> The following motion has been proposed by Clint Wilson of Apple and 
> endorsed by Trevoli Ponds-White of Amazon and Dustin Hollenback of 
> Microsoft.
>
> -----Motion Begins-----
>
> This ballot modifies the “Baseline Requirements for the Issuance and 
> Management of Publicly-Trusted Certificates” as defined in the 
> following redline, based on Version 1.8.1:
>
> https://github.com/cabforum/servercert/compare/65e80e07855ecc1d2264c040ecc7d398f997d2c5...2281a6c78692c3444db9a162df4ff217014b9f1f
>
> -----Motion Ends-----
>
> This ballot proposes a Final Maintenance Guideline. The procedure for 
> approval of this ballot is as follows:
>
> Discussion (7+ days)
>
> Start Time: February 11 2022 21:00 UTC
> End Time: February 18 2022 21:00 UTC
>
> Vote for approval (7 days)
>
> Start Time: February 18 2022 22:00 UTC
> End Time: February 25 2022 22:00 UTC