[cabfpub] RV: Text for ETSI Audit in CAB Forum baseline

Mads Egil Henriksveen Mads.Henriksveen at buypass.no
Wed Jun 8 13:55:54 UTC 2016


I will endorse this ballot.


From: public-bounces at cabforum.org [mailto:public-bounces at cabforum.org] On Behalf Of Barreira Iglesias, Iñigo
Sent: 8. juni 2016 14:38
To: Ryan Sleevi
Cc: Dean Coclin; public at cabforum.org
Subject: Re: [cabfpub] RV: Text for ETSI Audit in CAB Forum baseline

Ok, sent. I suggest to have an effective date of july 1st. Also need 2 endorsers.

Iñigo Barreira
Responsable del Área técnica
i-barreira at izenpe.eus<mailto:i-barreira at izenpe.eus>

[Descripción: firma_email_Izenpe_eus]

ERNE! Baliteke mezu honen zatiren bat edo mezu osoa legez babestuta egotea. Mezua badu bere hartzailea. Okerreko helbidera heldu bada (helbidea gaizki idatzi, transmisioak huts egin) eman abisu igorleari, korreo honi erantzuna. KONTUZ!
ATENCION! Este mensaje contiene informacion privilegiada o confidencial a la que solo tiene derecho a acceder el destinatario. Si usted lo recibe por error le agradeceriamos que no hiciera uso de la informacion y que se pusiese en contacto con el remitente.

De: Ryan Sleevi [mailto:sleevi at google.com]
Enviado el: martes, 07 de junio de 2016 16:55
Para: Barreira Iglesias, Iñigo
CC: Dean Coclin; tScheme Technical Manager; public at cabforum.org<mailto:public at cabforum.org>
Asunto: Re: [cabfpub] RV: Text for ETSI Audit in CAB Forum baseline

On Tue, Jun 7, 2016 at 5:23 AM, Barreira Iglesias, Iñigo <i-barreira at izenpe.eus<mailto:i-barreira at izenpe.eus>> wrote:
Yes, you´re correct and the BRs should be clear with this, but at the moment, the root program requirements already says that a full audit is required and then the TSPs that use ETSI standards shall make a full audit every year, but does not affect eIDAS nor ETSI.

Correct, but this isn't being followed by TSPs today, as Jody and I highlighted, hence the desire to provide clear and explicit language for TSPs and for CABs about what conformance to the BRs means.

And yes, for changing the BRs, it needs to vote, but for what I think was the text to include was just to change the “old” TSs to include the “new” ENs and for that there´s no need to vote I think.

No, we need to ballot it. Just like we discussed changes to clarify the wording regarding WebTrust, simply updating the numbers carries with it meaningful changes. While I realize that CAs will not be able to get audits to the old TSes "eventually" ("soon"), these sorts of changes are exactly the kind of thing that needs to go through a ballot.

As a CA who is involved with ETSI standards, presumably you might be interested in tackling the ballot that solves these two issues, lest the EN standards not be accepted, per the language of the BRs?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/public/attachments/20160608/c1fb881b/attachment-0003.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.jpg
Type: image/jpeg
Size: 9540 bytes
Desc: image001.jpg
URL: <http://lists.cabforum.org/pipermail/public/attachments/20160608/c1fb881b/attachment-0003.jpg>

More information about the Public mailing list