<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<br>
Yes, we removed it as redundant because the "national scheme" seems
to apply to auditor qualifications (or accreditation), that is
already described in section 8.2 as we mentioned on April 15th
(<a class="moz-txt-link-freetext" href="https://cabforum.org/pipermail/public/2018-April/013237.html">https://cabforum.org/pipermail/public/2018-April/013237.html</a>).<br>
<br>
Arno, what you describe as "define more precise requirements on
standards for conducting the audits", mainly affects section 8.2 and
not 8.4 that this ballot tries to update. My understanding is that
the current ballot language clarifies and aligns both standard
schemes (WebTrust and ETSI) and is rather uncontroversial.<br>
<br>
As Tim said, if new information is brought forward, we don't need to
withdraw the ballot but delay the voting start date so please
provide more feedback if there are is any ambiguity introduced,
compared to the previous language.<br>
<br>
<br>
Thank you,<br>
Dimitris.<br>
<br>
<div class="moz-cite-prefix">On 23/4/2018 7:01 μμ, Moudrick M.
Dadashov via Public wrote:<br>
</div>
<blockquote type="cite"
cite="mid:ce4cb375-a67b-febc-4888-f21f1d229a86@ssc.lt">
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<font face="Cambria">Tim, the latest ballot doesn't have "national
scheme", its gone...<br>
<br>
Thanks,<br>
M.D.<br>
</font><br>
<div class="moz-cite-prefix">On 4/23/2018 5:53 PM, Tim Hollebeek
via Public wrote:<br>
</div>
<blockquote type="cite"
cite="mid:MWHPR14MB1376810C1CA488FC0D16857383890@MWHPR14MB1376.namprd14.prod.outlook.com">
<meta http-equiv="Content-Type" content="text/html;
charset=utf-8">
<meta name="Generator" content="Microsoft Word 15 (filtered
medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Consolas;
panose-1:2 11 6 9 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri",sans-serif;
color:black;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
pre
{mso-style-priority:99;
mso-style-link:"HTML Preformatted Char";
margin:0in;
margin-bottom:.0001pt;
font-size:10.0pt;
font-family:"Courier New";
color:black;}
p.msonormal0, li.msonormal0, div.msonormal0
{mso-style-name:msonormal;
mso-margin-top-alt:auto;
margin-right:0in;
mso-margin-bottom-alt:auto;
margin-left:0in;
font-size:11.0pt;
font-family:"Calibri",sans-serif;
color:black;}
p.line874, li.line874, div.line874
{mso-style-name:line874;
mso-margin-top-alt:auto;
margin-right:0in;
mso-margin-bottom-alt:auto;
margin-left:0in;
font-size:11.0pt;
font-family:"Calibri",sans-serif;
color:black;}
span.anchor
{mso-style-name:anchor;}
p.line867, li.line867, div.line867
{mso-style-name:line867;
mso-margin-top-alt:auto;
margin-right:0in;
mso-margin-bottom-alt:auto;
margin-left:0in;
font-size:11.0pt;
font-family:"Calibri",sans-serif;
color:black;}
p.line862, li.line862, div.line862
{mso-style-name:line862;
mso-margin-top-alt:auto;
margin-right:0in;
mso-margin-bottom-alt:auto;
margin-left:0in;
font-size:11.0pt;
font-family:"Calibri",sans-serif;
color:black;}
span.nonexistent
{mso-style-name:nonexistent;}
p.line891, li.line891, div.line891
{mso-style-name:line891;
mso-margin-top-alt:auto;
margin-right:0in;
mso-margin-bottom-alt:auto;
margin-left:0in;
font-size:11.0pt;
font-family:"Calibri",sans-serif;
color:black;}
span.HTMLPreformattedChar
{mso-style-name:"HTML Preformatted Char";
mso-style-priority:99;
mso-style-link:"HTML Preformatted";
font-family:Consolas;
color:black;}
span.EmailStyle28
{mso-style-type:personal-reply;
font-family:"Calibri",sans-serif;
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
/* List Definitions */
@list l0
{mso-list-id:1657876091;
mso-list-template-ids:-742780622;}
@list l1
{mso-list-id:1711615075;
mso-list-template-ids:73794288;}
@list l2
{mso-list-id:2116095980;
mso-list-template-ids:364034958;}
ol
{margin-bottom:0in;}
ul
{margin-bottom:0in;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
<div class="WordSection1">
<p class="MsoNormal"><span style="color:windowtext">There’s no
need to postpone the discussion phase, as the discussion
phase can last for as long as is necessary to get the
ballot to where we want it to be. That’s why it’s listed
as 7+ days. The end time should be listed as “not before
30 April 2018” instead of “30 April 2018”, in line with
what we did for other recent ballots.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:windowtext"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:windowtext">Also, it
is worth mentioning that this ballot came out of an
oversight by the Governance Change Working Group, where we
accidentally didn’t include Dimitris’ changes in the
Governance Reform ballot, despite the fact that we said we
were going to. It would be a shame to hold up these
improvements for a long time by tying them to other larger
efforts. I could be wrong, but “define more precise
requirements on standards for conducting the audits” by
referencing new standards sounds like something that could
take a long while to get agreement on.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:windowtext"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:windowtext">Fixing the
definition of “national scheme” sounds much more doable,
and suggesting a concrete proposal of how it could be done
would help.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:windowtext"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:windowtext">-Tim<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:windowtext"><o:p> </o:p></span></p>
<div style="border:none;border-left:solid blue
1.5pt;padding:0in 0in 0in 4.0pt">
<div>
<div style="border:none;border-top:solid #E1E1E1
1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b><span style="color:windowtext">From:</span></b><span
style="color:windowtext"> Public [<a
class="moz-txt-link-freetext"
href="mailto:public-bounces@cabforum.org"
moz-do-not-send="true">mailto:public-bounces@cabforum.org</a>]
<b>On Behalf Of </b>Arno Fiedler via Public<br>
<b>Sent:</b> Monday, April 23, 2018 10:27 AM<br>
<b>To:</b> <a class="moz-txt-link-abbreviated"
href="mailto:public@cabforum.org"
moz-do-not-send="true">public@cabforum.org</a><br>
<b>Cc:</b> <a class="moz-txt-link-abbreviated"
href="mailto:management-request@cabforum.org"
moz-do-not-send="true">management-request@cabforum.org</a>;
ESI_TSP: (ESI Trust Service Providers) <a
class="moz-txt-link-rfc2396E"
href="mailto:ESI_TSP@LIST.ETSI.ORG"
moz-do-not-send="true"><ESI_TSP@LIST.ETSI.ORG></a><br>
<b>Subject:</b> Re: [cabfpub] Ballot 223 - Update BR
Section 8.4 for CA audit criteria: Request to
postpone it<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<p>Dear CA/B-Forum Members,<o:p></o:p></p>
<p>sorry for jumping in late, Dimitris and Moudrick, many
thanks for the proposed ballot. <br>
After checking different Browser Requirements I strongly
suggest to postpone the discussion phase ballot 223 on
"Updating BR Section 8.4".<o:p></o:p></p>
<p>We should have further improvements on the definitions, <br>
esp. of "national scheme" ( e. g. within EA or IAF
Framework) and <br>
define more precise requirements on standards for
conducting the audits, (e. g. ISO/IEC 17065 supplemented
by ETSI EN 319 403) <br>
so I suggest to postpone the start of the discussion phase
on May, the 7th.<o:p></o:p></p>
<p>Would realy like to cover the audit requirements from all
browsers by the Ballot, so more time is needed.<o:p></o:p></p>
<p>Thanks in advance and best regards<o:p></o:p></p>
<p>Arno Fiedler<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<p class="MsoNormal">Am 23.04.2018 um 07:18 schrieb
Dimitris Zacharopoulos via Public:<o:p></o:p></p>
</div>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="line874"><o:p> </o:p></p>
<p class="line874">The following motion has been proposed
by Dimitris Zacharopoulos of HARICA and endorsed by
Moudrick M. Dadashov of SSC and Tim Hollebeek from
Digicert. <o:p></o:p></p>
<p class="line867"><strong><span
style="font-family:"Calibri",sans-serif">Background</span></strong>:
<o:p></o:p></p>
<p class="line874">Section 8.4 of the Baseline
Requirements describes the audit criteria for CAs that
issue Publicly-Trusted SSL/TLS Certificates. This ballot
attempts to achieve two things: <o:p></o:p></p>
<ol start="1" type="1">
<li class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l0
level1 lfo1">Remove the old ETSI TS documents <o:p></o:p></li>
<li class="line862" style="mso-list:l0 level1 lfo1">Align
the <span class="nonexistent">WebTrust</span> and
ETSI requirements <o:p></o:p></li>
</ol>
<p class="line862">"<span class="nonexistent">WebTrust</span>
for Certification Authorities" is equivalent to "ETSI EN
319 401" and "<span class="nonexistent">WebTrust</span>
Principles and Criteria for Certification Authorities –
SSL Baseline with Network Security" is equivalent to
"ETSI EN 319 411-1". <o:p></o:p></p>
<p class="line867"><strong><span
style="font-family:"Calibri",sans-serif">--
MOTION BEGINS --</span></strong> <o:p></o:p></p>
<p class="line874">Replace the first two numbered items in
section 8.4 from: <o:p></o:p></p>
<ol start="1" type="1">
<li class="line891" style="mso-list:l2 level1 lfo2"><span
class="nonexistent">WebTrust</span> for
Certification Authorities v2.0; <o:p></o:p></li>
<li class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l2
level1 lfo2">A national scheme that audits conformance
to ETSI TS 102 042 / ETSI EN 319 411-1; or <o:p></o:p></li>
</ol>
<p class="line874">to: <o:p></o:p></p>
<ol start="1" type="1">
<li class="line862" style="mso-list:l1 level1 lfo3">"<span
class="nonexistent">WebTrust</span> for CAs v2.0 or
newer" AND "<span class="nonexistent">WebTrust</span>
for CAs SSL Baseline with Network Security v2.2 or
newer"; or <o:p></o:p></li>
<li class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l1
level1 lfo3">"ETSI EN 319 401 v2.1.1 or newer" AND
"ETSI EN 319 411-1 v1.1.1"; or<o:p></o:p></li>
</ol>
<p class="line867"><strong><span
style="font-family:"Calibri",sans-serif">--
MOTION ENDS --</span></strong> <o:p></o:p></p>
<p class="line874">The procedure for this ballot is as
follows (exact start and end times may be adjusted to
comply with applicable Bylaws and IPR Agreement): <o:p></o:p></p>
<div>
<table class="MsoNormalTable" cellspacing="5"
cellpadding="0" border="0">
<tbody>
<tr>
<td style="padding:.75pt .75pt .75pt
.75pt;"#E0E0FF""background-color:"""">
<p class="line891"><strong><span
style="font-family:"Calibri",sans-serif">BALLOT
223 Status: Update BR Section 8.4 for CA
audit criteria</span></strong> <o:p></o:p></p>
</td>
<td style="padding:.75pt .75pt .75pt
.75pt;"#E0E0FF"text-align:center"background-color:"""">
<p class="line891"><strong><span
style="font-family:"Calibri",sans-serif">Start
time (22:00 UTC)</span></strong> <o:p></o:p></p>
</td>
<td style="padding:.75pt .75pt .75pt
.75pt;"#E0E0FF"text-align:center"background-color:"""">
<p class="line891"><strong><span
style="font-family:"Calibri",sans-serif">End
time (22:00 UTC)</span></strong> <o:p></o:p></p>
</td>
</tr>
<tr>
<td style="padding:.75pt .75pt .75pt .75pt">
<p class="line862">Discussion (7+ days) <o:p></o:p></p>
</td>
<td style="padding:.75pt .75pt .75pt
.75pt;"text-align:center"">
<p class="line862">23 April 2018 <o:p></o:p></p>
</td>
<td style="padding:.75pt .75pt .75pt
.75pt;"text-align:center"">
<p class="line862">30 April 2018 <o:p></o:p></p>
</td>
</tr>
<tr>
<td style="padding:.75pt .75pt .75pt .75pt">
<p class="line862">Vote for approval (7 days) <o:p></o:p></p>
</td>
<td style="padding:.75pt .75pt .75pt
.75pt;"text-align:center"">
<p class="line862">TBD <o:p></o:p></p>
</td>
<td style="padding:.75pt .75pt .75pt
.75pt;"text-align:center"">
<p class="line862">TBD according to voting start
time <o:p></o:p></p>
</td>
</tr>
<tr>
<td style="padding:.75pt .75pt .75pt
.75pt;""""">
<p class="line862">If vote approves ballot:
Review Period (Chair to send Review Notice)
(30 days)<br>
If Exclusion Notice(s) filed, ballot approval
is rescinded and PAG to be created.<br>
If no Exclusion Notices filed, ballot becomes
effective at end of Review Period.<br>
Votes must be cast by posting an on-list reply
to this thread on the Public Mail List. <o:p></o:p></p>
</td>
<td style="padding:.75pt .75pt .75pt
.75pt;"text-align:center"">
<p class="line862">Upon filing of Review Notice
by Chair <o:p></o:p></p>
</td>
<td style="padding:.75pt .75pt .75pt
.75pt;"text-align:center"">
<p class="line862">30 days after filing of
Review Notice by Chair <o:p></o:p></p>
</td>
</tr>
</tbody>
</table>
</div>
<p class="line874">From the Bylaws section 2.4(a): "If the
Draft Guideline Ballot is proposing a Final Maintenance
Guideline, such ballot will include a redline or
comparison showing the set of changes from the Final
Guideline section(s) intended to become a Final
Maintenance Guideline, and need not include a copy of
the full set of guidelines. Such redline or comparison
shall be made against the Final Guideline section(s) as
they exist at the time a ballot is proposed, and need
not take into consideration other ballots that may be
proposed subsequently, except as provided in Section
2.4(j) below". <o:p></o:p></p>
<p class="line862">Votes must be cast by posting an
on-list reply to this thread on the Public list. A vote
in favor of the motion must indicate a clear 'yes' in
the response. A vote against must indicate a clear 'no'
in the response. A vote to abstain must indicate a clear
'abstain' in the response. Unclear responses will not be
counted. The latest vote received from any
representative of a voting member before the close of
the voting period will be counted. Voting members are
listed here: <a
href="https://nam02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fcabforum.org%2Fmembers%2F&data=02%7C01%7C%7Cd1ece9170b4c412118c308d5a8d9b97b%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C636600575423532305&sdata=%2BtkvNa%2FRWMg%2BMi3aHyR4HnvwLA%2FDp5yqBCe7twDbuUs%3D&reserved=0"
moz-do-not-send="true">https://cabforum.org/members/</a>
<o:p></o:p></p>
<p class="MsoNormal">In order for the motion to be
adopted, two thirds or more of the votes cast by members
in the CA category and greater than 50% of the votes
cast by members in the browser category must be in
favor. Quorum is shown on CA/Browser Forum wiki. Under
the Bylaws section 2.3(g), at least the required quorum
number must participate in the ballot for the ballot to
be valid, either by voting in favor, voting against, or
abstaining. <br>
<br>
<br>
<o:p></o:p></p>
<pre>_______________________________________________<o:p></o:p></pre>
<pre>Public mailing list<o:p></o:p></pre>
<pre><a href="mailto:Public@cabforum.org" moz-do-not-send="true">Public@cabforum.org</a><o:p></o:p></pre>
<pre><a href="https://nam02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fcabforum.org%2Fmailman%2Flistinfo%2Fpublic&data=02%7C01%7C%7Cd1ece9170b4c412118c308d5a8d9b97b%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C636600575423532305&sdata=y2KaTimAOv%2FA%2FjMTaDpP1C9MPVG%2FPtTTxL9RPUE78pc%3D&reserved=0" moz-do-not-send="true">https://nam02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fcabforum.org%2Fmailman%2Flistinfo%2Fpublic&data=02%7C01%7C%7Cd1ece9170b4c412118c308d5a8d9b97b%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C636600575423532305&sdata=y2KaTimAOv%2FA%2FjMTaDpP1C9MPVG%2FPtTTxL9RPUE78pc%3D&reserved=0</a><o:p></o:p></pre>
</blockquote>
<pre>-- <o:p></o:p></pre>
<pre>Arno Fiedler<o:p></o:p></pre>
<pre>Nimbus Technologieberatung GmbH<o:p></o:p></pre>
<pre>Reichensteiner Weg 17<o:p></o:p></pre>
<pre>14195 Berlin<o:p></o:p></pre>
<pre>Mobil: 0049-(0)172-3053272<o:p></o:p></pre>
<pre>Fax: 0049-(0)30-89745-777<o:p></o:p></pre>
<pre>E-Mail: <a href="mailto:arno.fiedler@nimbus-berlin.com" moz-do-not-send="true">arno.fiedler@nimbus-berlin.com</a><o:p></o:p></pre>
<pre>Web: <a href="https://clicktime.symantec.com/a/1/ZkMg4lf2QLN5xtF6BtrL1-wzNDD7Dq-y6pBn5TpZJYA=?d=UHo2Qz9CW7I04zEs37QU2ZPO7JgcLOhepmWY8i9XMIXkHN7Uxxcl7LOnLuy6DMHWLlZ4M3W7YH53fij_k6wPI-URHX4RR4ewze4_dNA77EqoEYf1LT7tyxjTEghcECLGQOni-Dn4UeLOOXZ9xqEh-Ta_n9ti9HoDEbK0BrHvQeqY9NvWby5NOiX7SuDaQoqB57iND11htveXS7AylirpKMHhOCPaAF9n7QNqE6GAk1djNSvPh6O7nNDyI5tSzGSgilrGyQLxWbKY9U2Ddmxt4iwp496mM6VLEaduEQUUKiuRVLjkLg6hishWSvKzc2FruqJ1X3Tgu3u_uwQifCmNyZz0Eaga63npSeBSGO6YzvQZXpDSQbrm_HpRIX9uDUsZArOluVWLyioGSu5sEeKw4d6PB0JkwUxnefRgnDUBUdKrF3eQt_RMwGmEnTQZ83dI6IB-2s7SgCvouwbIov8HwZTlDhrShmU%3D&u=http%3A%2F%2Fwww.nimbus-berlin.com" moz-do-not-send="true">www.nimbus-berlin.com</a><o:p></o:p></pre>
<pre>Geschäftsführer: Arno Fiedler<o:p></o:p></pre>
<pre>USt-IdNr. : DE 203 269 920<o:p></o:p></pre>
<pre>D-U-N-S® Nr. 50-730-8117<o:p></o:p></pre>
<pre>HandelsregisterNr:HRB 109409 B<o:p></o:p></pre>
</div>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
Public mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Public@cabforum.org" moz-do-not-send="true">Public@cabforum.org</a>
<a class="moz-txt-link-freetext" href="https://cabforum.org/mailman/listinfo/public" moz-do-not-send="true">https://cabforum.org/mailman/listinfo/public</a>
</pre>
</blockquote>
<br>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
Public mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Public@cabforum.org">Public@cabforum.org</a>
<a class="moz-txt-link-freetext" href="https://cabforum.org/mailman/listinfo/public">https://cabforum.org/mailman/listinfo/public</a>
</pre>
</blockquote>
<br>
</body>
</html>