[cabfpub] Ballot 107 - Removing version numbers to WebTrust andETSI standards from CABF Guidelines (EVG and BR)
i-barreira at izenpe.net
i-barreira at izenpe.net
Mon Jul 29 23:52:35 MST 2013
I´m ok but I´d also change in the BR-ballot-107.pdf document, at the beginning, in "implementers´ note" the references to the versions that are made regarding the webtrust and ETSI docs
Iñigo Barreira
Responsable del Área técnica
i-barreira at izenpe.net
945067705
ERNE! Baliteke mezu honen zatiren bat edo mezu osoa legez babestuta egotea. Mezua badu bere hartzailea. Okerreko helbidera heldu bada (helbidea gaizki idatzi, transmisioak huts egin) eman abisu igorleari, korreo honi erantzuna. KONTUZ!
ATENCION! Este mensaje contiene informacion privilegiada o confidencial a la que solo tiene derecho a acceder el destinatario. Si usted lo recibe por error le agradeceriamos que no hiciera uso de la informacion y que se pusiese en contacto con el remitente.
-----Mensaje original-----
De: public-bounces at cabforum.org [mailto:public-bounces at cabforum.org] En nombre de Ben Wilson
Enviado el: martes, 30 de julio de 2013 2:03
Para: 'Moudrick M. Dadashov'; 'Sigbjørn Vik'
CC: public at cabforum.org
Asunto: Re: [cabfpub] Ballot 107 - Removing version numbers to WebTrust andETSI standards from CABF Guidelines (EVG and BR)
In this ballot I think we were moving away from supplying URLs, and while we could put in generic references to where to go (e.g. "
http://www.etsi.org/standards" or " http://www.webtrust.org"), I think most people will be able to track down the most current versions through Internet
search. In response to Sigi's comment, what if we put the following
parenthetical just below BR 3.0 References-- "(Please refer to the latest
official version of these publications.)" ? I also don't want to say we
always require the most current version--it depends on the group publishing the reference. For instance, a cryptomodule certified using FIPS 140-2 is not obsoleted simply because 140-3 is adopted. (I'm proposing that along with the other changes being made that "-2" and "May 25, 2001" be removed from the FIPS 140 reference.) There are a few additional changes in the attached PDFs that differ slightly from the wording in the ballot that was sent out. If these redlines are acceptable to the sponsor/endorsers, then we can make the changes on the wiki accordingly.
-----Original Message-----
From: public-bounces at cabforum.org [mailto:public-bounces at cabforum.org] On Behalf Of Moudrick M. Dadashov
Sent: Saturday, July 27, 2013 7:47 AM
To: Sigbjørn Vik
Cc: public at cabforum.org
Subject: Re: [cabfpub] Ballot 107 - Removing version numbers to WebTrust and ETSI standards from CABF Guidelines (EVG and BR)
On 7/27/2013 4:08 PM, Sigbjørn Vik wrote:
> On 27-Jul-13 01:28, Ben Wilson wrote:
>> Ballot 107 - Removing version numbers to WebTrust and ETSI standards
>> from CABF Guidelines (EVG and BR)
>>
>> Mads Henriksveen made the following motion, and iñigo Barreira from
>> Izenpe, and Kirk Hall from Trend Micro endorsed it:
> I am in favor of clarifying the text, and minimizing any maintenance
> needs. Do we need to specify somewhere that whenever we reference
> another document, we reference the latest version?
>
> E.g. the following:
>> The CA SHALL undergo an audit in accordance with one of the following
>> schemes:
>> 1. WebTrust Program for Certification Authorities audit;
> [...]
> Could easily be read as any version will suffice.
>
> An introduction in the references section explaining that we always
> refer to the latest official version would presumably cover this.
>
good point, Sigbjørn, or at least indicate URLs where the current versions can be found.
Thanks,
M.D.
_______________________________________________
Public mailing list
Public at cabforum.org
https://cabforum.org/mailman/listinfo/public
More information about the Public
mailing list