[cabfpub] Audit over CA/B BR and WebTrust needed?

Ben Wilson ben.wilson at digicert.com
Tue Feb 10 14:20:29 UTC 2015

I tried to port that all over from the wiki to the public web site.  


You can find information here -  https://cabforum.org/browser-os-info/ and here - https://cabforum.org/audit-criteria/. 


Going forward, if our website isn’t clear, then we need update the information so that it is.  Any member representative interested in improving our web pages should contact me. 






From: public-bounces at cabforum.org [mailto:public-bounces at cabforum.org] On Behalf Of i-barreira at izenpe.net
Sent: Tuesday, February 10, 2015 2:18 AM
To: sleevi at google.com; benedikt at cacert.org
Cc: public at cabforum.org
Subject: Re: [cabfpub] Audit over CA/B BR and WebTrust needed?


If you have access to the wiki there you can find the different requirements of the browsers plus the information from ETSI and Webtrust.



Iñigo Barreira
Responsable del Área técnica
i-barreira at izenpe.net <mailto:i-barreira at izenpe.net> 



ERNE! Baliteke mezu honen zatiren bat edo mezu osoa legez babestuta egotea. Mezua badu bere hartzailea. Okerreko helbidera heldu bada (helbidea gaizki idatzi, transmisioak huts egin) eman abisu igorleari, korreo honi erantzuna. KONTUZ!
ATENCION! Este mensaje contiene informacion privilegiada o confidencial a la que solo tiene derecho a acceder el destinatario. Si usted lo recibe por error le agradeceriamos que no hiciera uso de la informacion y que se pusiese en contacto con el remitente.


De: public-bounces at cabforum.org <mailto:public-bounces at cabforum.org>  [mailto:public-bounces at cabforum.org] En nombre de Ryan Sleevi
Enviado el: martes, 10 de febrero de 2015 0:11
Para: Benedikt Heintel
Asunto: Re: [cabfpub] Audit over CA/B BR and WebTrust needed?


On Feb 9, 2015 3:05 PM, "Benedikt Heintel" <benedikt at cacert.org <mailto:benedikt at cacert.org> > wrote:
> Dear group,
> Planning the next steps forward, getting our root certificates in the
> trust stores, we wonder what are the minimum requirements  certification
> wise.
> Do we need CA/B Baseline Requirements and WebTrust Certification?
> Is it necessary to go for CA/B BR and ETSI TS 102 042? Is CA/B BR enough?
> Best Regards
> Benedikt
> --
> Benedikt Heintel - benedikt at cacert.org <mailto:benedikt at cacert.org> 
> CAcert Assurer for People & Organizations
> CAcert internal Auditor
> CAcert.org - Secure Together
> http://www.cacert.org
> _______________________________________________
> Public mailing list
> Public at cabforum.org <mailto:Public at cabforum.org> 
> https://cabforum.org/mailman/listinfo/public

That's nominally a question for each root to answer as to what their individual acceptance policies are.

To be enabled for the SSL trust bits in Mozilla, for example, you must complete an appropriate audit scheme that incorporates the CA/B Forum Baseline Requirements, as well as comply with the Mozilla Root Inclusion policy.

The acceptable audit schemes are listed in https://www.mozilla.org/en-US/about/governance/policies/security-group/certs/policy/inclusion/

For WebTrust, this means Principles and Criteria for CAs 2.0 _and_ SSL BR audit 1.1.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/public/attachments/20150210/65916e00/attachment-0003.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.png
Type: image/png
Size: 19121 bytes
Desc: not available
URL: <http://lists.cabforum.org/pipermail/public/attachments/20150210/65916e00/attachment-0003.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4954 bytes
Desc: not available
URL: <http://lists.cabforum.org/pipermail/public/attachments/20150210/65916e00/attachment-0001.p7s>

More information about the Public mailing list