[cabfpub] RV: Text for ETSI Audit in CAB Forum baseline
sleevi at google.com
Tue Jun 7 14:55:12 UTC 2016
On Tue, Jun 7, 2016 at 5:23 AM, Barreira Iglesias, Iñigo <i-barreira at izenpe.eus> wrote:
> Yes, you're correct and the BRs should be clear with this, but at the
> moment, the root program requirements already say that a full audit is
> required and then the TSPs that use ETSI standards shall make a full audit
> every year, but does not affect eIDAS nor ETSI.
Correct, but this isn't being followed by TSPs today, as Jody and I
highlighted, hence the desire to provide clear and explicit language for
TSPs and for CABs about what conformance to the BRs means.
> And yes, for changing the BRs, it needs to vote, but for what I think was
> the text to include was just to change the “old” TSs to include the “new”
> ENs and for that there's no need to vote I think.
No, we need to ballot it. Just like we discussed changes to clarify the
wording regarding WebTrust, simply updating the numbers carries with it
meaningful changes. While I realize that CAs will not be able to get audits
to the old TSes "eventually" ("soon"), these sorts of changes are exactly
the kind of thing that needs to go through a ballot.
As a CA who is involved with ETSI standards, presumably you might be
interested in tackling the ballot that solves these two issues, lest the EN
standards not be accepted, per the language of the BRs?