Ballot 170 – Amend Section 5.1 of Baseline Requirements

Ballot overview

• Ballot 170 proposed amendments to Section 5.1 of the Baseline Requirements.
• The ballot was sponsored by Ben Wilson of DigiCert and endorsed by Robin Alden of Comodo and Li-Chun CHEN of Chunghwa Telecom.
• The motion added or revised requirements covering site location and construction, physical access, power and air conditioning, water exposure, fire prevention and protection, media storage, waste disposal, and off-site backup.

Proposed requirements

• Facilities housing CA and RA equipment were to be consistent with facilities used for high-value, sensitive information and provide robust protection against unauthorized access.
• CAs were to maintain controls for restricted physical access, environmental protection, prevention of loss or compromise, and dual custody or similar multiple-person control.
• CAs were to have backup power sufficient to lock out input, finish pending actions, and record equipment state automatically before shutdown from power or air conditioning loss.
• CA equipment was to be installed to avoid water exposure, and water damage from fire protection measures was to be minimized.
• CAs were to comply with local commercial building codes for fire prevention and protection.
• Media was to be protected from accidental damage and unauthorized access, with non-daily-use media stored separately and securely.
• Private key material media was to be handled, packaged, and stored according to the sensitivity of the information it protected, consistent with Section 5.1.2.
• Sensitive media and documentation no longer needed were to be destroyed securely.
• Online components were to be backed up at least weekly; offline root CA systems and other offline components were to be backed up before being taken offline.
• Backups were to be stored at a separate site with physical and procedural controls protecting confidentiality, integrity, and availability.

Ballot process and outcome

• The review period was scheduled to commence at 2200 UTC on 2 June 2016 and close at 2200 UTC on 9 June 2016.
• The voting period was scheduled to start immediately thereafter and close at 2200 UTC on 16 June 2016.
• Voting closed and the results were 11 YES, 0 NO, and 1 abstention from CAs; 2 YES, 2 NO, and 0 abstentions from browsers.
• The page states that the ballot fails.
• Because the ballot failed, the proposed requirements did not become normative.