[cabfpub] When did the WebTrust/ETSI BR audit requirement become mandatory?

kirk_hall at trendmicro.com kirk_hall at trendmicro.com
Fri Feb 20 21:45:15 UTC 2015

When you say "why" - do you mean "is regular WebTrust still required?" (it is, along with BR WebTrust), or are you suggesting that regular WebTrust should no longer be a requirement, just BR WebTrust?

In an earlier string, this was asked and I recall Don Sheehy noted that the two audit regimes are somewhat overlapping in certain areas, but otherwise cover different issues and are both still needed.

From: Eddy Nigg [mailto:eddy_nigg at startcom.org]
Sent: Friday, February 20, 2015 1:10 PM
To: Kirk Hall (RD-US); i-barreira; Peter Bowen; public at cabforum.org
Subject: Re: [cabfpub] When did the WebTrust/ETSI BR audit requirement become mandatory?

On 02/20/2015 09:01 PM, kirk_hall at trendmicro.com<mailto:kirk_hall at trendmicro.com> wrote:
That's true - but every person visiting the site would have to do the same thing.  So as a practical matter, no commercial CA will proceed in selling certs generally without its roots being in the main browser root stores, which requires completed WebTrust/ETSI audits to be delivered to the browsers.  And I don't think the Forum needs to have "private" CA members.

The forum requires a CA to be supported by at least one major browser. But it can be a browser that isn't Mozilla - on the other hand why should WebTrust perform any other audits today than BR?


Eddy Nigg, COO/CTO

StartCom Ltd.<http://www.startcom.org>


startcom at startcom.org<xmpp:startcom at startcom.org>


Join the Revolution!<http://blog.startcom.org>


Follow Me<http://twitter.com/eddy_nigg>

<table class="TM_EMAIL_NOTICE"><tr><td><pre>
The information contained in this email and any attachments is confidential 
and may be subject to copyright or other intellectual property protection. 
If you are not the intended recipient, you are not authorized to use or 
disclose this information, and we request that you notify us by reply mail or
telephone and delete the original message from your mail system.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/public/attachments/20150220/d1713b62/attachment-0003.html>

More information about the Public mailing list