[cabfpub] Ballot 107 - Removing version numbers to WebTrust and ETSI standards from CABF Guidelines (EVG and BR)

kirk_hall at trendmicro.com
Sat Jul 27 15:06:56 UTC 2013


Trend Micro votes yes.

From: public-bounces at cabforum.org [mailto:public-bounces at cabforum.org] On Behalf Of Ben Wilson
Sent: Friday, July 26, 2013 4:29 PM
To: public at cabforum.org
Subject: [cabfpub] Ballot 107 - Removing version numbers to WebTrust and ETSI standards from CABF Guidelines (EVG and BR)


Ballot 107 - Removing version numbers to WebTrust and ETSI standards from CABF Guidelines (EVG and BR)

Mads Henriksveen made the following motion, and Iñigo Barreira from Izenpe, and Kirk Hall from Trend Micro endorsed it:

Motion Begins

EFFECTIVE IMMEDIATELY, in order to remove unnecessary specificity in the Baseline Requirements (BRs), we propose that the following edits be made to the BRs:

In Document History, DELETE:  "and are currently in effect. See http://www.webtrust.org/homepage-documents/item27839.aspx and also http://www.etsi.org/deliver/etsi_ts/102000_102099/102042/02.03.01_60/ts_102042v020301p.pdf" as follows:

Document History

Implementers' Note: Version 1.1 of these SSL Baseline Requirements was published on September 14, 2012. Version 1.1 of WebTrust's SSL Baseline Audit Criteria and ETSI Technical Standard Electronic Signatures and Infrastructures (ESI) 102 042 version 2.3.1 incorporate version 1.1 of these Baseline Requirements and are currently in effect. See http://www.webtrust.org/homepage-documents/item27839.aspx and also http://www.etsi.org/deliver/etsi_ts/102000_102099/102042/02.03.01_60/ts_102042v020301p.pdf.

Section 3. References

In Section 3 References,

INSERT "119 403," in between "ETSI TS" and "Electronic Signatures and Infrastructures" and

DELETE "available at: http://www.etsi.org/deliver/etsi_ts/119400_119499/119403/01.01.01_60/ts_119403v010101p.pdf" as follows:

ETSI TS 119 403, Electronic Signatures and Infrastructures (ESI); Trust Service Provider Conformity Assessment - General Requirements and Guidance available at: http://www.etsi.org/deliver/etsi_ts/119400_119499/119403/01.01.01_60/ts_119403v010101p.pdf

DELETE "V2.1.1" as follows:

ETSI TS 102 042 V2.1.1, Electronic Signatures and Infrastructures (ESI); Policy requirements for certification authorities issuing public key certificates.

DELETE "Version 2.0, available at http://www.webtrust.org/homepage-documents/item27839.aspx" as follows:

WebTrust Program for Certification Authorities Version 2.0, available at http://www.webtrust.org/homepage-documents/item27839.aspx.

In Section 17.1 Eligible Audit Schemes,  DELETE "v.2.0" and in subsection 2. DELETE "A national scheme that audits conformance to" as follows:

The CA SHALL undergo an audit in accordance with one of the following schemes:
1. WebTrust Program for Certification Authorities v2.0 audit;
2. A national scheme that audits conformance to ETSI TS 102 042 audit including DVCP, OVCP, EVCP or EVCP+;
3. A scheme that audits conformance to ISO 21188:2006; or
4. If a Government CA is required by its Certificate Policy to use a different internal audit scheme, it MAY use such scheme provided that the audit either (a) encompasses all requirements.

AND EFFECTIVE IMMEDIATELY, in order to remove unnecessary specificity in the EV Guidelines (EVGs) we propose that the following edits be made to the EVGs:

In Section 8.2.1 Implementation, DELETE "(ii)" and "V2.1.1" as follows:

(B) Implement the requirements of (i) the then-current WebTrust Program for CAs, and (ii) the then-current WebTrust EV Program or (ii) the then-current ETSI TS 102 042 EV Certificate Policies (EVCP or EVCP+) V2.1.1; and

In Section 8.2.2 Disclosure, DELETE "V.2.1.1" as follows:

Each CA MUST publicly disclose their EV Policies through an appropriate and readily accessible online means that is available on a 24x7 basis. The CA is also REQUIRED to publicly disclose its CA business practices as required by both WebTrust for CAs and ETSI TS 102 042 V2.1.1. The disclosures MUST be structured in accordance with either RFC 2527 or RFC 3647.

In Section 17.1 Eligible Audit Schemes, DELETE "V.2.1.1" as follows:

A CA issuing EV Certificates SHALL undergo an audit in accordance with one of the following schemes:
(i) WebTrust Program for Certification Authorities audit and WebTrust EV Program audit, or
(ii) ETSI TS 102 042 v2.1.1 audit including EVCP or EVCP+.

In subsection (2) of Section 17.4 Pre-Issuance Readiness Audit, DELETE "V.2.1.1" as follows:

(2) If the CA has a currently valid ETSI 102 042 audit, then, before issuing EV Certificates, the CA and its Root CA MUST successfully complete a point-in-time readiness assessment audit against ETSI TS 102 042 V2.1.1 EVCP or EVCP+. (3) If the CA does not have a currently valid WebTrust Seal of Assurance for CAs or an ETSI 102 042 audit, then, before issuing EV Certificates, the CA and its Root CA MUST successfully complete either: (i) a point-in-time readiness assessment audit against the WebTrust for CA Program, or (ii) a point-in-time readiness assessment audit against the WebTrust EV Program, or an ETSI TS 102 042 V2.1.1. audit including EVCP or EVCP+.

The review period for this ballot shall commence at 2200 UTC on July 26th, 2013 and will close at 2200 UTC on August 2nd, 2013. Unless the motion is withdrawn during the review period, the voting period will start immediately thereafter and will close at 2200 UTC on August 9th, 2013. Votes must be cast by posting an on-list reply to this thread.

Motion Ends

A vote in favor of the motion must indicate a clear 'yes' in the response. A vote against must indicate a clear 'no' in the response. A vote to abstain must indicate a clear 'abstain' in the response. Unclear responses will not be counted. The latest vote received from any representative of a voting member before the close of the voting period will be counted. Voting members are listed here: http://www.cabforum.org/forum.html

In order for the motion to be adopted, two thirds or more of the votes cast by members in the CA category and one half or more of the votes cast by members in the browser category must be in favor. Also, at least seven members must participate in the ballot, either by voting in favor, voting against, or abstaining.
