[cabfpub] Ballot 107 - Removing version numbers to WebTrust and ETSI standards from CABF Guidelines (EVG and BR)

Ben Wilson ben at digicert.com
Tue Jul 30 00:03:20 UTC 2013


In this ballot I think we were moving away from supplying URLs, and while we
could put in generic references to where to go (e.g. "
http://www.etsi.org/standards" or " http://www.webtrust.org"), I think most
people will be able to track down the most current versions through Internet
search.   In response to  Sigi's comment, what if we put the following
parenthetical just below BR 3.0 References-- "(Please refer to the latest
official version of these publications.)"  ?    I also don't want to say we
always require the most current version--it depends on the group publishing
the reference.  For instance, a cryptomodule certified using FIPS 140-2 is
not obsoleted simply because 140-3 is adopted.  (I'm proposing that along
with the other changes being made that "-2" and "May 25, 2001" be removed
from the FIPS 140 reference.)  There are a few additional changes in the
attached PDFs that differ slightly from the wording in the ballot that was
sent out.  If these redlines are acceptable to the sponsor/endorsers, then
we can make the changes on the wiki accordingly.

-----Original Message-----
From: public-bounces at cabforum.org [mailto:public-bounces at cabforum.org] On
Behalf Of Moudrick M. Dadashov
Sent: Saturday, July 27, 2013 7:47 AM
To: Sigbjørn Vik
Cc: public at cabforum.org
Subject: Re: [cabfpub] Ballot 107 - Removing version numbers to WebTrust and
ETSI standards from CABF Guidelines (EVG and BR)

On 7/27/2013 4:08 PM, Sigbjørn Vik wrote:
> On 27-Jul-13 01:28, Ben Wilson wrote:
>> Ballot 107 – Removing version numbers to WebTrust and ETSI standards 
>> from CABF Guidelines (EVG and BR)
>>
>> Mads Henriksveen made the following motion, and iñigo Barreira from 
>> Izenpe, and Kirk Hall from Trend Micro endorsed it:
> I am in favor of clarifying the text, and minimizing any maintenance 
> needs. Do we need to specify somewhere that whenever we reference 
> another document, we reference the latest version?
>
> E.g. the following:
>> The CA SHALL undergo an audit in accordance with one of the following
>> schemes:
>> 1. WebTrust Program for Certification Authorities audit;
> [...]
> Could easily be read as any version will suffice.
>
> An introduction in the references section explaining that we always 
> refer to the latest official version would presumably cover this.
>
good point,  Sigbjørn,  or at least indicate URLs where the current versions
can be found.

Thanks,
M.D.
_______________________________________________
Public mailing list
Public at cabforum.org
https://cabforum.org/mailman/listinfo/public
-------------- next part --------------
A non-text attachment was scrubbed...
Name: BR-Ballot-107.pdf
Type: application/pdf
Size: 94681 bytes
Desc: not available
URL: <http://lists.cabforum.org/pipermail/public/attachments/20130729/ebdea044/attachment-0006.pdf>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: EV Ballot 107.pdf
Type: application/pdf
Size: 32098 bytes
Desc: not available
URL: <http://lists.cabforum.org/pipermail/public/attachments/20130729/ebdea044/attachment-0007.pdf>


More information about the Public mailing list