<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix">Bonjour Iñigo,<br>
<br>
Are you proposing to change the CABF membership rules to have the
forum open to CAs that don't produce certificates defined by the
forum and used by browsers? Being in the process for a browser
inclusion doesn't imply that the process will succeed.<br>
<br>
More specifically on the French TSL (easier for me to read):<br>
<ul>
<li>the TSL is available at <a
href="http://references.modernisation.gouv.fr/sites/default/files/TSL-FR.xml">http://references.modernisation.gouv.fr/sites/default/files/TSL-FR.xml</a></li>
<li>it references <a
href="https://references.modernisation.gouv.fr/fr">https://references.modernisation.gouv.fr/fr</a>
and <a href="https://references.modernisation.gouv.fr/en">https://references.modernisation.gouv.fr/en</a>
for scheme information</li>
<li>those texts are not equivalent; the French one states that
only RGS-certified are acceptable, the English one accepts CSP
issuing non Qualified certificates without listing the
acceptable approval schemes</li>
<li>the TSL contains a legal notice: "<i>The applicable legal
framework for the present TSL implementation of the Trusted
List of supervised/accredited Certification Service
Providers for FRANCE is the Directive 1999/93/EC of the
European Parliament and of the Council of 13 December 1999
on a Community framework for electronic signatures and its
implementation in FRANCE laws. Its applicable legal
framework under FRANCE laws is the ordinance 2005-1516 and
the General Security Frame(RGS) decree</i>" again refering
to the RGS scheme<br>
</li>
</ul>
<meta http-equiv="content-type" content="text/html;
charset=ISO-8859-1">
<meta http-equiv="content-type" content="text/html;
charset=ISO-8859-1">
<meta http-equiv="content-type" content="text/html;
charset=ISO-8859-1">
<meta http-equiv="content-type" content="text/html;
charset=ISO-8859-1">
Ok, maybe the French TSL scheme is particularly not clear.<br>
<br>
Let's have a look at the Spanish one, there's more people in it.
But it also contains 4 CA certificates for 3 different entities
with a 1024bits RSA key, to deliver Qualified certificates. Should
these entities be accepted as CABF members? Should we trust the
government agency responsible for TSL emission?<br>
<br>
Let's look at the German one. It's not XML-signed, but comes as a
zip file containing the XML file, a detached timestamp, and the
TSC. Thus this list isn't authenticated, and was downloaded from a
cleartext link. This TSL contains a lot of CAs, the large majority
of them have expired, maybe 40% of them have 1024bits keys. Same
questions.<br>
<br>
This isn't exhaustive.<br>
<a href="https://references.modernisation.gouv.fr/en"></a>
<pre class="moz-signature" cols="72">--
Erwann ABALEA
</pre>
Le 20/11/2013 13:32, <a class="moz-txt-link-abbreviated" href="mailto:i-barreira@izenpe.net">i-barreira@izenpe.net</a> a écrit :<br>
</div>
<blockquote
cite="mid:763539E260C37C46A0D6B340B5434C3B08310242@AEX06.ejsarea.net"
type="cite">
<meta http-equiv="Content-Type" content="text/html;
charset=ISO-8859-1">
<meta name="Generator" content="Microsoft Word 14 (filtered
medium)">
<!--[if !mso]><style>v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style><![endif]-->
<style><!--
/* Font Definitions */
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri","sans-serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p.MsoAcetate, li.MsoAcetate, div.MsoAcetate
{mso-style-priority:99;
mso-style-link:"Texto de globo Car";
margin:0cm;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri","sans-serif";}
span.TextodegloboCar
{mso-style-name:"Texto de globo Car";
mso-style-priority:99;
mso-style-link:"Texto de globo";
font-family:"Tahoma","sans-serif";}
p.BalloonText, li.BalloonText, div.BalloonText
{mso-style-name:"Balloon Text";
mso-style-link:"Balloon Text Char";
margin:0cm;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri","sans-serif";}
span.BalloonTextChar
{mso-style-name:"Balloon Text Char";
mso-style-priority:99;
mso-style-link:"Balloon Text";
font-family:"Tahoma","sans-serif";}
span.EstiloCorreo21
{mso-style-type:personal;
font-family:"Calibri","sans-serif";
color:windowtext;}
span.EstiloCorreo22
{mso-style-type:personal;
font-family:"Calibri","sans-serif";
color:#1F497D;}
span.EstiloCorreo23
{mso-style-type:personal;
font-family:"Calibri","sans-serif";
color:#1F497D;}
span.EstiloCorreo24
{mso-style-type:personal-reply;
font-family:"Calibri","sans-serif";
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:612.0pt 792.0pt;
margin:72.0pt 72.0pt 72.0pt 72.0pt;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
<div class="WordSection1">
<p class="MsoNormal"><span style="color:#1F497D" lang="EN-US">Erwann,
Richard, all,<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D" lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D" lang="EN-US">I
think I didn´t explain myself clearly or at least not the
intention.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D" lang="EN-US">What
I meant is that for those CAs that are waiting to be
included in the browser root programs and want to be a
member of the CABF that they can apply indicating that they
belong to their national TL, this is it. So, they can sign
the IPR, they have the audit certifications in place, etc.
but are awaiting to be included in the root program but
already in the TL, then to consider by the CABF this option.
<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D" lang="EN-US">I
didn´t mean to the audit requirements to the “qualified” web
site certificates when the regulation comes to effect as
Richard says and not to what kind of services you´re
providing (qualified or not). <o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D" lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D" lang="EN-US">Regarding
the trusted lists, the EU MS TL's are publicly available so
anybody can check which TSP is listed for which type of
services in each MS TL. There are some tools to do that.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D" lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D" lang="EN-US">OTOH,
as far as I know the French list is listing not only the
CA/QC services but also CA/PKC and TSA services which are
approved against the French national approval scheme (RGS
& TS 101 456 / TS 102 042 approval).</span><span
lang="EN-US"><br>
<br>
</span><span style="color:#1F497D;mso-fareast-language:EN-US"
lang="EN-US">I think the French TL works like this :<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="color:#1F497D;mso-fareast-language:EN-US"
lang="EN-US"> + only certified CA by an
accredited auditor can ask to be included in TL<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="color:#1F497D;mso-fareast-language:EN-US"
lang="EN-US"> + CA must do an application to
SGMAP (French body) to be included in TL.<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="color:#1F497D;mso-fareast-language:EN-US"
lang="EN-US"> + audit report must be send to
SGMAP.<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="color:#1F497D;mso-fareast-language:EN-US"
lang="EN-US"> + level can be 102 042 /
101 456 / RGS (1,2, 3 stars) / French law on QES<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="color:#1F497D;mso-fareast-language:EN-US"
lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span
style="color:#1F497D;mso-fareast-language:EN-US"
lang="EN-US">If you are certified RGS 1 or 2 stars CA, you
can also claim for 102 042 in TL.<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="color:#1F497D;mso-fareast-language:EN-US"
lang="EN-US">If you are certified RGS 3 stars or French law
on qualified signature you can also claim for 101 456 in TL.<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="color:#1F497D;mso-fareast-language:EN-US"
lang="EN-US">You can be only ETSI TS and not RGS, and then
claim only TS status.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D" lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D" lang="EN-US">Regards<o:p></o:p></span></p>
<div>
<p class="MsoNormal"><span style="color:#1F497D" lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal" style="line-height:9.75pt"><b><span
style="font-size:8.5pt;font-family:"Tahoma","sans-serif";color:black"
lang="ES-TRAD">Iñigo Barreira</span></b><span
style="font-size:8.5pt;font-family:"Tahoma","sans-serif";color:black"
lang="ES-TRAD"><br>
Responsable del Área técnica<br>
<a moz-do-not-send="true"
href="mailto:i-barreira@izenpe.net">i-barreira@izenpe.net</a><o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:8.5pt;font-family:"Tahoma","sans-serif";color:black"
lang="ES-TRAD">945067705</span><span style="color:#1F497D"
lang="ES-TRAD"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"
lang="ES-TRAD"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><img
id="_x0000_i1026"
src="cid:part6.08060004.05000608@keynectis.com"
alt="Descripción: cid:image001.png@01CE3152.B4804EB0"
border="0" width="585" height="111"></span><span
style="color:#1F497D" lang="ES-TRAD"><o:p></o:p></span></p>
<p class="MsoNormal" style="line-height:9.75pt"><span
style="font-size:7.5pt;font-family:"Tahoma","sans-serif";color:#888888;mso-fareast-language:ES-TRAD">ERNE!
Baliteke mezu honen zatiren bat edo mezu osoa legez
babestuta egotea. Mezua badu bere hartzailea. Okerreko
helbidera heldu bada (helbidea gaizki idatzi, transmisioak
huts egin) eman abisu igorleari, korreo honi erantzuna.
KONTUZ!</span><span
style="color:#888888;mso-fareast-language:ES-TRAD"><br>
</span><span
style="font-size:7.5pt;font-family:"Tahoma","sans-serif";color:#888888;mso-fareast-language:ES-TRAD">ATENCION!
Este mensaje contiene informacion privilegiada o
confidencial a la que solo tiene derecho a acceder el
destinatario. Si usted lo recibe por error le
agradeceriamos que no hiciera uso de la informacion y que
se pusiese en contacto con el remitente.</span><span
style="font-size:12.0pt;color:navy;mso-fareast-language:ES-TRAD"><o:p></o:p></span></p>
</div>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<div>
<div style="border:none;border-top:solid #B5C4DF
1.0pt;padding:3.0pt 0cm 0cm 0cm">
<p class="MsoNormal"><b><span
style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">De:</span></b><span
style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">
tScheme Technical Manager
[<a class="moz-txt-link-freetext" href="mailto:richard.trevorah@tScheme.org">mailto:richard.trevorah@tScheme.org</a>] <br>
<b>Enviado el:</b> miércoles, 20 de noviembre de 2013
12:09<br>
<b>Para:</b> Barreira Iglesias, Iñigo; <a class="moz-txt-link-abbreviated" href="mailto:ben@digicert.com">ben@digicert.com</a><br>
<b>CC:</b> <a class="moz-txt-link-abbreviated" href="mailto:public@cabforum.org">public@cabforum.org</a><br>
<b>Asunto:</b> RE: [cabfpub] Agenda Items for Next Call<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><span style="color:#1F497D" lang="EN-US">Hi
Iñigo,<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D" lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D" lang="EN-US">I
think that this is a bit premature, there is still not an
agreed draft for the complete revised Regulation – let alone
the scope and timescale for any Implementing Acts.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D" lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D" lang="EN-US">When
there is an agreed definition and audit process for
providers of Qualified Certificates for Website
Authentication, then that would be the time for discussion
as to how they need to be reflected in the CA/Browser
Forum’s processes.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D" lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D" lang="EN-US">Best
regards<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D" lang="EN-US">Richard</span><span
style="color:#1F497D" lang="EN-GB"><o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Times New
Roman","serif";color:black" lang="EN-GB">------------------------------------<br>
Richard Trevorah<br>
Technical Manager<br>
tScheme Limited<br>
<br>
M: +44 (0) 781 809 4728<br>
F: +44 (0) 870 005 6311<br>
<br>
</span><span style="font-size:12.0pt;font-family:"Times
New Roman","serif";color:#1F497D"
lang="EN-GB"><a moz-do-not-send="true"
href="http://www.tscheme.org" target="_blank">http://www.tscheme.org</a><br>
</span><span style="font-size:12.0pt;font-family:"Times
New Roman","serif";color:black" lang="EN-GB">------------------------------------<br>
<br>
The information in this message and, if present, any
attachments are intended solely for the attention and use of
the named addressee(s). The content of this e-mail and its
attachments is confidential and may be legally privileged.
Unless otherwise stated, any use or disclosure is
unauthorised and may be unlawful.<br>
<br>
If you are not the intended recipient, please delete the
message and any attachments and notify the sender as soon as
practicable</span><span style="color:#1F497D" lang="EN-GB"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D" lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D" lang="EN-GB"><o:p> </o:p></span></p>
<div>
<div style="border:none;border-top:solid #B5C4DF
1.0pt;padding:3.0pt 0cm 0cm 0cm">
<p class="MsoNormal"><b><span
style="font-size:10.0pt;font-family:"Tahoma","sans-serif""
lang="EN-US">From:</span></b><span
style="font-size:10.0pt;font-family:"Tahoma","sans-serif""
lang="EN-US"> <a class="moz-txt-link-abbreviated" href="mailto:public-bounces@cabforum.org">public-bounces@cabforum.org</a>
[<a class="moz-txt-link-freetext" href="mailto:public-bounces@cabforum.org">mailto:public-bounces@cabforum.org</a>] <b>On Behalf Of </b><a class="moz-txt-link-abbreviated" href="mailto:i-barreira@izenpe.net">i-barreira@izenpe.net</a><br>
<b>Sent:</b> 20 November 2013 10:09<br>
<b>To:</b> <a class="moz-txt-link-abbreviated" href="mailto:ben@digicert.com">ben@digicert.com</a>; <a class="moz-txt-link-abbreviated" href="mailto:public@cabforum.org">public@cabforum.org</a><br>
<b>Subject:</b> Re: [cabfpub] Agenda Items for Next Call<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><span lang="EN-GB"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D" lang="EN-US">Hi
Ben,<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D" lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D" lang="EN-US">I´d
like to update/modify the requirements for new applications,
at least for EU CAs and incorporate the evidence of being
part of their country TSL according to the new implementing
act of the commission. I think it´s a minor change and won´t
affect the EU (or from some other countries) applicants.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D" lang="EN-US">Should
I propose a ballot? Do I need to send more info?<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D" lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D" lang="EN-US">Regards<o:p></o:p></span></p>
<div>
<p class="MsoNormal"><span style="color:#1F497D" lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal" style="line-height:9.75pt"><b><span
style="font-size:8.5pt;font-family:"Tahoma","sans-serif";color:black"
lang="ES-TRAD">Iñigo Barreira</span></b><span
style="font-size:8.5pt;font-family:"Tahoma","sans-serif";color:black"
lang="ES-TRAD"><br>
Responsable del Área técnica<br>
<a moz-do-not-send="true"
href="mailto:i-barreira@izenpe.net">i-barreira@izenpe.net</a><o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:8.5pt;font-family:"Tahoma","sans-serif";color:black"
lang="ES-TRAD">945067705</span><span style="color:#1F497D"
lang="ES-TRAD"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"
lang="ES-TRAD"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><img
id="Imagen_x0020_1"
src="cid:part6.08060004.05000608@keynectis.com"
alt="Descripción: cid:image001.png@01CE3152.B4804EB0"
border="0" width="585" height="111"></span><span
style="color:#1F497D" lang="ES-TRAD"><o:p></o:p></span></p>
<p class="MsoNormal" style="line-height:9.75pt"><span
style="font-size:7.5pt;font-family:"Tahoma","sans-serif";color:#888888">ERNE!
Baliteke mezu honen zatiren bat edo mezu osoa legez
babestuta egotea. Mezua badu bere hartzailea. Okerreko
helbidera heldu bada (helbidea gaizki idatzi, transmisioak
huts egin) eman abisu igorleari, korreo honi erantzuna.
KONTUZ!</span><span style="color:#888888"><br>
</span><span
style="font-size:7.5pt;font-family:"Tahoma","sans-serif";color:#888888">ATENCION!
Este mensaje contiene informacion privilegiada o
confidencial a la que solo tiene derecho a acceder el
destinatario. Si usted lo recibe por error le
agradeceriamos que no hiciera uso de la informacion y que
se pusiese en contacto con el remitente.</span><span
style="font-size:12.0pt;color:navy"><o:p></o:p></span></p>
</div>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<div>
<div style="border:none;border-top:solid #B5C4DF
1.0pt;padding:3.0pt 0cm 0cm 0cm">
<p class="MsoNormal"><b><span
style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">De:</span></b><span
style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">
<a moz-do-not-send="true"
href="mailto:public-bounces@cabforum.org">public-bounces@cabforum.org</a>
[<a moz-do-not-send="true"
href="mailto:public-bounces@cabforum.org">mailto:public-bounces@cabforum.org</a>]
<b>En nombre de </b>Ben Wilson<br>
<b>Enviado el:</b> miércoles, 20 de noviembre de 2013
0:22<br>
<b>Para:</b> <a moz-do-not-send="true"
href="mailto:public@cabforum.org">public@cabforum.org</a><br>
<b>Asunto:</b> [cabfpub] Agenda Items for Next Call<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><span lang="EN-US">Here are some potential
discussion items for this Thursday’s call:<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">Discussion of
Microsoft’s SHA1 Announcement, Certificate lifetimes, SHA2
support, etc.<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">Report on status of
Ballot 89 (EV Processing)<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">Discuss Ballot 107
(Remove specific references)<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">Discuss Bylaw Revisions
and potential ballot (11/18 email from Gerv) <o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">Membership applications<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">Report from Code Signing
Working Group <o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">Review of Web Site<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">Please let me know if
you have any to add.<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"><br>
Thanks,<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">Ben<o:p></o:p></span></p>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
Public mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Public@cabforum.org">Public@cabforum.org</a>
<a class="moz-txt-link-freetext" href="https://cabforum.org/mailman/listinfo/public">https://cabforum.org/mailman/listinfo/public</a>
</pre>
</blockquote>
<br>
</body>
</html>