<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<br>
<br>
<div class="moz-cite-prefix">On 19/4/2018 7:35 PM, Tim Hollebeek
wrote:<br>
</div>
<blockquote type="cite"
cite="mid:DM5PR14MB13716F3B4CCD43F37F8BB2AB83B50@DM5PR14MB1371.namprd14.prod.outlook.com">
<div class="WordSection1">
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif">Might
as well fix all the audit references while we’re at it …<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif"><o:p> </o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif">-Tim</span></p>
</div>
</blockquote>
<br>
Yes, we should take care of all criteria versions as I mentioned in
replying to Peter, and allow for newer versions as well. For this
particular issue of WebTrust for CAs, according to
<a class="moz-txt-link-freetext" href="http://www.webtrust.org/principles-and-criteria/item83172.aspx">http://www.webtrust.org/principles-and-criteria/item83172.aspx</a>, it
seems that 2.0 is actively used for audit periods that begin before
Nov 1, 2017. If I understand this correctly, we would be able to
remove 2.0 from the Baseline Requirements only after Nov 1, 2018. <br>
<br>
Is this correct?<br>
<br>
Dimitris.<br>
<br>
<br>
<br>
<blockquote type="cite"
cite="mid:DM5PR14MB13716F3B4CCD43F37F8BB2AB83B50@DM5PR14MB1371.namprd14.prod.outlook.com">
<div class="WordSection1">
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif"><o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif"><o:p> </o:p></span></p>
<div style="border:none;border-left:solid blue 1.5pt;padding:0in
0in 0in 4.0pt">
<div>
<div style="border:none;border-top:solid #E1E1E1
1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif">From:</span></b><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif">
Public [<a class="moz-txt-link-freetext" href="mailto:public-bounces@cabforum.org">mailto:public-bounces@cabforum.org</a>] <b>On
Behalf Of </b>Jeff Ward via Public<br>
<b>Sent:</b> Thursday, April 19, 2018 9:34 AM<br>
<b>To:</b> Ryan Sleevi <a class="moz-txt-link-rfc2396E" href="mailto:sleevi@google.com">&lt;sleevi@google.com&gt;</a>;
CA/Browser Forum Public Discussion List
<a class="moz-txt-link-rfc2396E" href="mailto:public@cabforum.org">&lt;public@cabforum.org&gt;</a>; Dimitris Zacharopoulos
<a class="moz-txt-link-rfc2396E" href="mailto:jimmy@it.auth.gr">&lt;jimmy@it.auth.gr&gt;</a><br>
<b>Subject:</b> Re: [cabfpub] Ballot proposal - Update
Section 8.4 for CA audit criteria<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">Not
sure if it matters a great deal, but the reference to
WebTrust for CA should be version 2.1, not 2.0.<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><b><span
style="font-size:10.0pt;font-family:"Trebuchet
MS",sans-serif;color:#404040">Jeff Ward, CPA, CGMA,
CITP, CISA, CISSP, CEH</span></b><span
style="font-size:10.0pt;font-family:"Trebuchet
MS",sans-serif;color:#404040"><br>
Office Managing Partner &amp; National Leader Third Party
Attestation (SOC/WebTrust/Cybersecurity)<br>
314-889-1220 (Direct) 347-1220 (Internal)<br>
314-889-1221 (Fax)</span><span style="color:#1F497D"><br>
</span><span
style="font-size:10.0pt;font-family:"Trebuchet
MS",sans-serif;color:#ED1A3B"><a
href="mailto:jward@bdo.com" moz-do-not-send="true"><span
style="color:#ED1A3B">jward@bdo.com</span></a></span><span
style="color:#1F497D"><br>
<br>
</span><b><span
style="font-size:10.0pt;font-family:"Trebuchet
MS",sans-serif;color:#404040">BDO</span></b><span
style="color:#1F497D"><br>
</span><span
style="font-size:10.0pt;font-family:"Trebuchet
MS",sans-serif;color:#404040">101 S Hanley Rd, Suite
800<br>
St. Louis, MO 63105 <br>
UNITED STATES<br>
314-889-1100</span><span style="color:#1F497D"><br>
</span><u><span
style="font-size:10.0pt;font-family:"Trebuchet
MS",sans-serif;color:#ED1A3B"><a
href="http://www.bdo.com" moz-do-not-send="true"><span
style="color:#ED1A3B">www.bdo.com</span></a></span></u><span
style="color:#1F497D"><br>
<br>
</span></p>
<div>
<div style="border:none;border-top:solid #E1E1E1
1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif">From:</span></b><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif">
Public [<a href="mailto:public-bounces@cabforum.org"
moz-do-not-send="true">mailto:public-bounces@cabforum.org</a>]
<b>On Behalf Of </b>Ryan Sleevi via Public<br>
<b>Sent:</b> Monday, April 16, 2018 9:21 AM<br>
<b>To:</b> Dimitris Zacharopoulos &lt;<a
href="mailto:jimmy@it.auth.gr"
moz-do-not-send="true">jimmy@it.auth.gr</a>&gt;;
CA/Browser Forum Public Discussion List &lt;<a
href="mailto:public@cabforum.org"
moz-do-not-send="true">public@cabforum.org</a>&gt;<br>
<b>Subject:</b> Re: [cabfpub] Ballot proposal - Update
Section 8.4 for CA audit criteria<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<p class="MsoNormal">On Sun, Apr 15, 2018 at 2:18 AM,
Dimitris Zacharopoulos via Public &lt;<a
href="mailto:public@cabforum.org" target="_blank"
moz-do-not-send="true">public@cabforum.org</a>&gt;
wrote:<o:p></o:p></p>
<blockquote style="border:none;border-left:solid
#CCCCCC 1.0pt;padding:0in 0in 0in
6.0pt;margin-left:4.8pt;margin-top:5.0pt;margin-right:0in;margin-bottom:5.0pt">
<div>
<p class="MsoNormal" style="margin-bottom:12.0pt"><br>
I am looking for two endorsers for the following
ballot.<br>
<br>
Dimitris.<o:p></o:p></p>
<p class="m-1167569698070291640line867"><strong>Ballot
XXX - Update Section 8.4 for CA audit criteria</strong>
<o:p></o:p></p>
<p class="m-1167569698070291640line874">The
following motion has been proposed by Dimitris
Zacharopoulos of HARICA and endorsed by ___ and
___<o:p></o:p></p>
<p class="m-1167569698070291640line867"><strong>Background</strong>:
<o:p></o:p></p>
<p class="m-1167569698070291640line874">Section
8.4 of the Baseline Requirements describes the
audit criteria for CAs that issue
Publicly-Trusted SSL/TLS Certificates. This
ballot attempts to achieve two things: <o:p></o:p></p>
<ol start="1" type="1">
<li class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l2
level1 lfo3">Remove the old ETSI TS documents
<o:p></o:p></li>
<li class="m-1167569698070291640line862"
style="mso-list:l2 level1 lfo3">Align the <a
href="https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.cabforum.org%2Fwiki%2FWebTrust&data=02%7C01%7Cjward%40bdo.com%7Cefc0815200a54f92dbf908d5a3a571a5%7C6e57fc1a413e405091da7d2dc8543e3c%7C0%7C0%7C636594853327607164&sdata=8xxyL5y4ru1ryYPo35ybbZcRfoYyoFJqbSNpNNqgDZE%3D&reserved=0"
target="_blank" moz-do-not-send="true">WebTrust</a>
and ETSI requirements <o:p></o:p></li>
</ol>
<p class="m-1167569698070291640line862">"<a
href="https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.cabforum.org%2Fwiki%2FWebTrust&data=02%7C01%7Cjward%40bdo.com%7Cefc0815200a54f92dbf908d5a3a571a5%7C6e57fc1a413e405091da7d2dc8543e3c%7C0%7C0%7C636594853327607164&sdata=8xxyL5y4ru1ryYPo35ybbZcRfoYyoFJqbSNpNNqgDZE%3D&reserved=0"
target="_blank" moz-do-not-send="true">WebTrust</a>
for Certification Authorities" is equivalent to
"ETSI EN 319 401" and "<a
href="https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.cabforum.org%2Fwiki%2FWebTrust&data=02%7C01%7Cjward%40bdo.com%7Cefc0815200a54f92dbf908d5a3a571a5%7C6e57fc1a413e405091da7d2dc8543e3c%7C0%7C0%7C636594853327607164&sdata=8xxyL5y4ru1ryYPo35ybbZcRfoYyoFJqbSNpNNqgDZE%3D&reserved=0"
target="_blank" moz-do-not-send="true">WebTrust</a>
Principles and Criteria for Certification
Authorities – SSL Baseline with Network
Security" is the equivalent of "ETSI EN 319
411-1". <o:p></o:p></p>
<p class="m-1167569698070291640line867"><strong>--
MOTION BEGINS --</strong> <o:p></o:p></p>
<p class="m-1167569698070291640line874">Replace
the first two numbered items in section 8.4 of
the Baseline Requirements from: <o:p></o:p></p>
<ol start="1" type="1">
<li class="m-1167569698070291640line891"
style="mso-list:l1 level1 lfo5"><a
href="https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.cabforum.org%2Fwiki%2FWebTrust&data=02%7C01%7Cjward%40bdo.com%7Cefc0815200a54f92dbf908d5a3a571a5%7C6e57fc1a413e405091da7d2dc8543e3c%7C0%7C0%7C636594853327607164&sdata=8xxyL5y4ru1ryYPo35ybbZcRfoYyoFJqbSNpNNqgDZE%3D&reserved=0"
target="_blank" moz-do-not-send="true">WebTrust</a>
for Certification Authorities v2.0; <o:p></o:p></li>
<li class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l1
level1 lfo5">A national scheme that audits
conformance to ETSI TS 102 042 / ETSI EN 319
411-1; or <o:p></o:p></li>
</ol>
<p class="m-1167569698070291640line874">to: <o:p></o:p></p>
<ol start="1" type="1">
<li class="m-1167569698070291640line891"
style="mso-list:l3 level1 lfo8"><a
href="https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.cabforum.org%2Fwiki%2FWebTrust&data=02%7C01%7Cjward%40bdo.com%7Cefc0815200a54f92dbf908d5a3a571a5%7C6e57fc1a413e405091da7d2dc8543e3c%7C0%7C0%7C636594853327763420&sdata=nF1OV4mtZ2VQF6ucGxisGOgndqhfDJYULFK4ZGNpOr4%3D&reserved=0"
target="_blank" moz-do-not-send="true">WebTrust</a>
Principles and Criteria for Certification
Authorities – SSL Baseline with Network
Security; <o:p></o:p></li>
<li class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l3
level1 lfo8">A national scheme that audits
conformance to ETSI EN 319 411-1; or<o:p></o:p></li>
</ol>
</div>
</blockquote>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">As noted several times that
this has come up in the past, your proposed change
to #1 is meaningfully and substantially different
than what is currently required. You are proposing
*changing* the audit scheme to a more restrictive
set. That's something in the past that browsers
have objected to, and for good reason.<o:p></o:p></p>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</blockquote>
<br>
</body>
</html>