<div dir="ltr"><br><div class="gmail_extra"><br><div class="gmail_quote">On Sun, Apr 15, 2018 at 2:18 AM, Dimitris Zacharopoulos via Public <span dir="ltr">&lt;<a href="mailto:public@cabforum.org" target="_blank">public@cabforum.org</a>&gt;</span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
  <div text="#000000" bgcolor="#FFFFFF">
    <br>
    I am looking for two endorsers for the following ballot.<br>
    <br>
    Dimitris.<br>
    <br>
    <p class="m_-1167569698070291640line867"><strong>Ballot XXX - Update Section 8.4 for CA
        audit criteria</strong> <span class="m_-1167569698070291640anchor" id="m_-1167569698070291640line-3"></span><span class="m_-1167569698070291640anchor" id="m_-1167569698070291640line-4"></span></p>
    <p class="m_-1167569698070291640line874">The following motion has been proposed by
      Dimitris Zacharopoulos of HARICA and endorsed by ___ and ___<span class="m_-1167569698070291640anchor" id="m_-1167569698070291640line-5"></span></p>
    <p class="m_-1167569698070291640line867"><strong>Background</strong>: <span class="m_-1167569698070291640anchor" id="m_-1167569698070291640line-7"></span><span class="m_-1167569698070291640anchor" id="m_-1167569698070291640line-8"></span></p>
    <p class="m_-1167569698070291640line874">Section 8.4 of the Baseline Requirements
      describes the audit criteria for CAs that issue Publicly-Trusted
      SSL/TLS Certificates. This ballot attempts to achieve two things:
      <span class="m_-1167569698070291640anchor" id="m_-1167569698070291640line-9"></span><span class="m_-1167569698070291640anchor" id="m_-1167569698070291640line-10"></span></p>
    <ol type="1">
      <li>Remove the old ETSI TS documents <span class="m_-1167569698070291640anchor" id="m_-1167569698070291640line-11"></span></li>
      <li>
        <p class="m_-1167569698070291640line862">Align the <a class="m_-1167569698070291640nonexistent" href="https://www.cabforum.org/wiki/WebTrust" target="_blank">WebTrust</a>
          and ETSI requirements <span class="m_-1167569698070291640anchor" id="m_-1167569698070291640line-12"></span><span class="m_-1167569698070291640anchor" id="m_-1167569698070291640line-13"></span><span class="m_-1167569698070291640anchor" id="m_-1167569698070291640line-14"></span></p>
      </li>
    </ol>
    <p class="m_-1167569698070291640line862">"<a class="m_-1167569698070291640nonexistent" href="https://www.cabforum.org/wiki/WebTrust" target="_blank">WebTrust</a> for
      Certification Authorities" is equivalent to "ETSI EN 319 401" and
      "<a class="m_-1167569698070291640nonexistent" href="https://www.cabforum.org/wiki/WebTrust" target="_blank">WebTrust</a>
      Principles and Criteria for Certification Authorities – SSL
      Baseline with Network Security" is the equivalent of "ETSI EN 319
      411-1". <span class="m_-1167569698070291640anchor" id="m_-1167569698070291640line-15"></span><span class="m_-1167569698070291640anchor" id="m_-1167569698070291640line-16"></span></p>
    <p class="m_-1167569698070291640line867"><strong>-- MOTION BEGINS --</strong> <span class="m_-1167569698070291640anchor" id="m_-1167569698070291640line-17"></span><span class="m_-1167569698070291640anchor" id="m_-1167569698070291640line-18"></span></p>
    <p class="m_-1167569698070291640line874">Replace the first two numbered items in section
      8.4 of the Baseline Requirements <span class="m_-1167569698070291640anchor" id="m_-1167569698070291640line-19"></span>from: <span class="m_-1167569698070291640anchor" id="m_-1167569698070291640line-20"></span><span class="m_-1167569698070291640anchor" id="m_-1167569698070291640line-21"></span></p>
    <ol type="1">
      <li>
        <p class="m_-1167569698070291640line891"><a class="m_-1167569698070291640nonexistent" href="https://www.cabforum.org/wiki/WebTrust" target="_blank">WebTrust</a>
          for Certification Authorities v2.0; <span class="m_-1167569698070291640anchor" id="m_-1167569698070291640line-22"></span></p>
      </li>
      <li>A national scheme that audits conformance to ETSI TS 102 042 /
        ETSI EN 319 411-1; or <span class="m_-1167569698070291640anchor" id="m_-1167569698070291640line-23"></span><span class="m_-1167569698070291640anchor" id="m_-1167569698070291640line-24"></span></li>
    </ol>
    <p class="m_-1167569698070291640line874">to: <span class="m_-1167569698070291640anchor" id="m_-1167569698070291640line-25"></span><span class="m_-1167569698070291640anchor" id="m_-1167569698070291640line-26"></span></p>
    <ol type="1">
      <li>
        <p class="m_-1167569698070291640line891"><a class="m_-1167569698070291640nonexistent" href="https://www.cabforum.org/wiki/WebTrust" target="_blank">WebTrust</a>
          Principles and Criteria for Certification Authorities – SSL
          Baseline with Network Security; <span class="m_-1167569698070291640anchor" id="m_-1167569698070291640line-27"></span></p>
      </li>
      <li>A national scheme that audits conformance to ETSI EN 319
        411-1; or</li></ol></div></blockquote><div><br></div><div>As noted several times that this has come up in the past, your proposed change to #1 is meaningfully and substantially different than what is currently required. You are proposing *changing* the audit scheme to a more restrictive set. That's something in the past that browsers have objected to, and for good reason.</div></div></div></div>