[cabfpub] Agenda Items for Next Call
i-barreira at izenpe.net
i-barreira at izenpe.net
Wed Nov 20 12:32:40 UTC 2013
Erwann, Richard, all,
I think I didn´t explain myself clearly or at least not the intention.
What I meant is that for those CAs that are waiting to be included in the browser root programs and want to be a member of the CABF that they can apply indicating that they belong to their national TL, this is it. So, they can sign the IPR, they have the audit certifications in place, etc. but are awaiting to be included in the root program but already in the TL, then to consider by the CABF this option.
I didn´t mean to the audit requirements to the "qualified" web site certificates when the regulation comes to effect as Richard says and not to what kind of services you´re providing (qualified or not).
Regarding the trusted lists, the EU MS TL's are publicly available so anybody can check which TSP is listed for which type of services in each MS TL. There are some tools to do that.
OTOH, as far as I know the French list is listing not only the CA/QC services but also CA/PKC and TSA services which are approved against the French national approval scheme (RGS & TS 101 456 / TS 102 042 approval).
I think the French TL works like this :
+ only certified CA by an accredited auditor can ask to be included in TL
+ CA must do an application to SGMAP (French body) to be included in TL.
+ audit report must be send to SGMAP.
+ level can be 102 042 / 101 456 / RGS (1,2, 3 stars) / French law on QES
If you are certified RGS 1 or 2 stars CA, you can also claim for 102 042 in TL.
If you are certified RGS 3 stars or French law on qualified signature you can also claim for 101 456 in TL.
You can be only ETSI TS and not RGS, and then claim only TS status.
Regards
Iñigo Barreira
Responsable del Área técnica
i-barreira at izenpe.net
945067705
ERNE! Baliteke mezu honen zatiren bat edo mezu osoa legez babestuta egotea. Mezua badu bere hartzailea. Okerreko helbidera heldu bada (helbidea gaizki idatzi, transmisioak huts egin) eman abisu igorleari, korreo honi erantzuna. KONTUZ!
ATENCION! Este mensaje contiene informacion privilegiada o confidencial a la que solo tiene derecho a acceder el destinatario. Si usted lo recibe por error le agradeceriamos que no hiciera uso de la informacion y que se pusiese en contacto con el remitente.
De: tScheme Technical Manager [mailto:richard.trevorah at tScheme.org]
Enviado el: miércoles, 20 de noviembre de 2013 12:09
Para: Barreira Iglesias, Iñigo; ben at digicert.com
CC: public at cabforum.org
Asunto: RE: [cabfpub] Agenda Items for Next Call
Hi Iñigo,
I think that this is a bit premature, there is still not an agreed draft for the complete revised Regulation - let alone the scope and timescale for any Implementing Acts.
When there is an agreed definition and audit process for providers of Qualified Certificates for Website Authentication, then that would be the time for discussion as to how they need to be reflected in the CA/Browser Forum's processes.
Best regards
Richard
------------------------------------
Richard Trevorah
Technical Manager
tScheme Limited
M: +44 (0) 781 809 4728
F: +44 (0) 870 005 6311
http://www.tscheme.org
------------------------------------
The information in this message and, if present, any attachments are intended solely for the attention and use of the named addressee(s). The content of this e-mail and its attachments is confidential and may be legally privileged. Unless otherwise stated, any use or disclosure is unauthorised and may be unlawful.
If you are not the intended recipient, please delete the message and any attachments and notify the sender as soon as practicable
From: public-bounces at cabforum.org [mailto:public-bounces at cabforum.org] On Behalf Of i-barreira at izenpe.net
Sent: 20 November 2013 10:09
To: ben at digicert.com; public at cabforum.org
Subject: Re: [cabfpub] Agenda Items for Next Call
Hi Ben,
I´d like to update/modify the requirements for new applications, at least for EU CAs and incorporate the evidence of being part of their country TSL according to the new implementing act of the commission. I think it´s a minor change and won´t affect the EU (or from some other countries) applicants.
Should I propose a ballot? Do I need to send more info?
Regards
Iñigo Barreira
Responsable del Área técnica
i-barreira at izenpe.net
945067705
ERNE! Baliteke mezu honen zatiren bat edo mezu osoa legez babestuta egotea. Mezua badu bere hartzailea. Okerreko helbidera heldu bada (helbidea gaizki idatzi, transmisioak huts egin) eman abisu igorleari, korreo honi erantzuna. KONTUZ!
ATENCION! Este mensaje contiene informacion privilegiada o confidencial a la que solo tiene derecho a acceder el destinatario. Si usted lo recibe por error le agradeceriamos que no hiciera uso de la informacion y que se pusiese en contacto con el remitente.
De: public-bounces at cabforum.org [mailto:public-bounces at cabforum.org] En nombre de Ben Wilson
Enviado el: miércoles, 20 de noviembre de 2013 0:22
Para: public at cabforum.org
Asunto: [cabfpub] Agenda Items for Next Call
Here are some potential discussion items for this Thursday's call:
Discussion of Microsoft's SHA1 Announcement, Certificate lifetimes, SHA2 support, etc.
Report on status of Ballot 89 (EV Processing)
Discuss Ballot 107 (Remove specific references)
Discuss Bylaw Revisions and potential ballot (11/18 email from Gerv)
Membership applications
Report from Code Signing Working Group
Review of Web Site
Please let me know if you have any to add.
Thanks,
Ben
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/public/attachments/20131120/baa0c4dd/attachment-0003.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.png
Type: image/png
Size: 19121 bytes
Desc: image001.png
URL: <http://lists.cabforum.org/pipermail/public/attachments/20131120/baa0c4dd/attachment-0003.png>
More information about the Public
mailing list