[cabfpub] RV: Text for ETSI Audit in CAB Forum baseline
Dean Coclin
Dean_Coclin at symantec.com
Sun May 29 00:32:46 UTC 2016
As you know, changing this will require discussion and a ballot. Who will
drive that? Inigo?
Thanks,
Dean
From: public-bounces at cabforum.org [mailto:public-bounces at cabforum.org] On
Behalf Of Barreira Iglesias, Iñigo
Sent: Thursday, May 26, 2016 9:27 AM
To: tScheme Technical Manager <richard.trevorah at tScheme.org>;
public at cabforum.org
Subject: Re: [cabfpub] RV: Text for ETSI Audit in CAB Forum baseline
Richard,
yesterday was agreed to have full audits yearly to meet browser
requirements. So even eIDAS says the 2 years audit with anual surveillance
audits, it was decided to change to yearly full audits, and that´s what the
text from Nick reflects.
This is in the CABF documents affecting the SSL certificates at the moment.
_____
De: tScheme Technical Manager <richard.trevorah at tScheme.org
<mailto:richard.trevorah at tScheme.org> >
Enviado: jueves, 26 de mayo de 2016 9:50
Para: Barreira Iglesias, Iñigo; public at cabforum.org
<mailto:public at cabforum.org>
Asunto: RE: [cabfpub] RV: Text for ETSI Audit in CAB Forum baseline
My only comment on Nick’s proposal is on frequency.
In Mr Wanko’s presentation he has:
“7.4.6 Audit Frequency
*There shall be a period of no greater than two years for a full
(re-)assessment audit unless otherwise required by the [
] commercial scheme
applying the present document.
7.9 Surveillance
*[
] It is recommended that at least one surveillance audit per year is
performed in between full (re-)assessment audits. ”
Which I think captures the eIDAS regulation rather than Nick’s proposal for
a full audit annually, so I would change the final sentence to:
“Full audits against the ETSI standards shall be carried out at least every
two years and there should be at least one surveillance audit per year
between full audits. ”
Regards
Richard
------------------------------------
Richard Trevorah
Technical Manager
tScheme Limited
M: +44 (0) 781 809 4728
F: +44 (0) 870 005 6311
http://www.tscheme.org
------------------------------------
The information in this message and, if present, any attachments are
intended solely for the attention and use of the named addressee(s). The
content of this e-mail and its attachments is confidential and may be
legally privileged. Unless otherwise stated, any use or disclosure is
unauthorised and may be unlawful.
If you are not the intended recipient, please delete the message and any
attachments and notify the sender as soon as practicable
From: public-bounces at cabforum.org <mailto:public-bounces at cabforum.org>
[mailto:public-bounces at cabforum.org] On Behalf Of Barreira Iglesias, Iñigo
Sent: 26 May 2016 08:14
To: public at cabforum.org <mailto:public at cabforum.org>
Subject: [cabfpub] RV: Text for ETSI Audit in CAB Forum baseline
_____
De: Inigo Barreira <inigo_barreira at hotmail.com>
Enviado: jueves, 26 de mayo de 2016 9:12
Para: Barreira Iglesias, Iñigo
Asunto: FW: Text for ETSI Audit in CAB Forum baseline
_____
From: nick.pope at thales-esecurity.com <mailto:nick.pope at thales-esecurity.com>
To: public at cabforum.org <mailto:public at cabforum.org>
CC: c.wanko at tuvit.de <mailto:c.wanko at tuvit.de> ; atrotin at exchange.lsti.fr
<mailto:atrotin at exchange.lsti.fr> ; pbouchet at exchange.lsti.fr
<mailto:pbouchet at exchange.lsti.fr> ; inigo_barreira at hotmail.com
<mailto:inigo_barreira at hotmail.com>
Date: Wed, 25 May 2016 16:13:19 +0100
Subject: Text for ETSI Audit in CAB Forum baseline
All,
Following on from my presentation today on the latest ETSI standards and
that of the ACAB’c I would suggest that the CABF baseline requirements
section 8.2 item on audits against ETSI standards is replaced with the
following. I ask my EU colleagues to come with in any further suggestions.
4. For audits conducted in accordance with any one of the ETSI standards,
conformity assessment bodies accredited in accordance with ISO 17065
applying the requirements specified in EN 319 403. Full audits against the
ETSI standards shall be carried out annually.
Elsewhere replace reference to TS 102 042 with EN 319 411-1.
Thanks for the interesting discussions today.
Nick
Nick Pope CITP, CISSP
THALES
Principal Consultant, Advanced Solutions Group EMEA
Vice chair – ETSI Technical Committee on Electronic Signatures and
Infrastructures
Meadow View House, Long Crendon, AYLESBURY, HP18 9EQ, UK
<http://www.thales-esecurity.com/> www.thales-esecurity.com
Mob: +44 (0) 7880 787940, Tel: +44 (0) 1844 201800 (General).
email: <mailto:Nick.Pope at thales-esecurity.com>
Nick.Pope at thales-esecurity.com
_____
Consider the environment before printing this mail.
Thales UK Limited is incorporated in England and Wales with company
registration number 00868273. Its registered office is located at 2 Dashwood
Lang Road, The Bourne Business Park, Addlestone, Nr. Weybridge, Surrey KT15
2NX.
The information contained in this e-mail is confidential. It may also be
privileged. It is intended only for the stated addressee(s) and access to it
by any other person is unauthorised. If you are not an addressee or the
intended addressee, you must not disclose, copy, circulate or in any other
way use or rely on the information contained in this e-mail. Such
unauthorised use may be unlawful. If you have received this e-mail in error,
please inform us immediately on +44 (0)1844 201800 and delete it and all
copies from your system. Commercial matters detailed or referred to in this
e-mail are subject to a written contract signed for and on behalf of Thales
UK Limited.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/public/attachments/20160528/b5315d6f/attachment-0003.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 5747 bytes
Desc: not available
URL: <http://lists.cabforum.org/pipermail/public/attachments/20160528/b5315d6f/attachment-0001.p7s>
More information about the Public
mailing list