[Servercert-wg] Voting period for Ballot SC51: Reduce and Clarify Audit Log and Records Archival Retention Requirements

Chris Kemmerer chris at ssl.com
Fri Feb 25 16:36:17 UTC 2022


SSL.com votes YES on SC51.

On 2/21/2022 1:47 PM, Clint Wilson via Servercert-wg wrote:
> Apple votes Yes on Ballot SC51.
>
>> On Feb 18, 2022, at 2:01 PM, Clint Wilson via Servercert-wg 
>> <servercert-wg at cabforum.org> wrote:
>>
>> This email begins the Voting period for Ballot SC51: Reduce and 
>> Clarify Audit Log and Records Archival Retention Requirements
>>
>> BALLOT SC51: Reduce and Clarify Audit Log and Records Archival 
>> Retention Requirements
>>
>> PURPOSE OF BALLOT
>>
>> The purpose of this ballot is to consolidate and clarify aspects of 
>> audit log and records archival retention expectations and 
>> time-periods within 5.5.2.
>>
>> Foremost, this ballot reduces retention periods for records archival 
>> to 2 years.
>> Further, currently audit log events as outlined in section 5.4.1, and 
>> then referenced in 5.4.3 lead to confusion around the log retention 
>> that is defined and exclusive to each section, and how that retention 
>> feeds into records archival requirements. To further clarify the 
>> objectives of that interaction, an explicit requirement has been 
>> introduced in 5.5.1 stating that CAs must archive lifecycle event 
>> records.
>>
>> As minor adjustments to related requirements, this ballot also 
>> clarifies what is expected by the term “OCSP Entries” as a logged 
>> lifecycle event; as OCSP Entry is an undefined term, this was 
>> replaced with OCSP Response such that it should be clear that a CA 
>> will be logging the event of signing an OCSP Response (including the 
>> elements stipulated in 5.4.1). Similarly, some certificate lifecycle 
>> events expected to be retained are currently separated into 5.5.2; 
>> these have been incorporated into 5.4.1 instead. This ballot also 
>> explicitly calls out the need for delegated third parties to abide by 
>> the established retention periods for audit logging and records 
>> archival procedures.
>> This ballot also formalizes incorporation of terms defined in the 
>> NCSSRs as also applying to the BRs.
>>
>> MOTION
>>
>> The following motion has been proposed by Clint Wilson of Apple and 
>> endorsed by Trevoli Ponds-White of Amazon and Dustin Hollenback of 
>> Microsoft.
>>
>> -----Motion Begins-----
>>
>> This ballot modifies the “Baseline Requirements for the Issuance and 
>> Management of Publicly-Trusted Certificates” as defined in the 
>> following redline, based on Version 1.8.1:
>>
>> https://github.com/cabforum/servercert/compare/65e80e07855ecc1d2264c040ecc7d398f997d2c5...2281a6c78692c3444db9a162df4ff217014b9f1f
>>
>> -----Motion Ends-----
>>
>> This ballot proposes a Final Maintenance Guideline. The procedure for 
>> approval of this ballot is as follows:
>>
>> Discussion (7+ days)
>>
>> Start Time: February 11 2022 21:00 UTC
>> End Time: February 18 2022 21:00 UTC
>>
>> Vote for approval (7 days)
>>
>> Start Time: February 18 2022 22:00 UTC
>> End Time: February 25 2022 22:00 UTC
>> _______________________________________________
>> Servercert-wg mailing list
>> Servercert-wg at cabforum.org
>> https://lists.cabforum.org/mailman/listinfo/servercert-wg