[cabfpub] When to stop accepting old ETSI audits?
tScheme Technical Manager
richard.trevorah at tScheme.org
Mon Nov 28 23:59:17 UTC 2016
That is certainly true in some Member States (UK included) but is doesn’t alter fact that eIDAS came into force on 1st July 2016 and any Conformity Assessment Report submitted after that date would have to demonstrate compliance with the eIDAS regulation – and the old ETSI TS are not sufficient for that purpose.
However, I believe that some MS have produced their Supervisory Body requirements (e.g. LU, MT & SE) and there are also some very detailed guidelines being drafted by ENISA that can be viewed at https://www.enisa.europa.eu/topics/trust-services/guidelines/
Cheers
Richard
------------------------------------
Richard Trevorah
Technical Manager
tScheme Limited
M: +44 (0) 781 809 4728
F: +44 (0) 870 005 6311
http://www.tscheme.org
------------------------------------
The information in this message and, if present, any attachments are intended solely for the attention and use of the named addressee(s). The content of this e-mail and its attachments is confidential and may be legally privileged. Unless otherwise stated, any use or disclosure is unauthorised and may be unlawful.
If you are not the intended recipient, please delete the message and any attachments and notify the sender as soon as practicable
From: Moudrick M. Dadashov [mailto:md at ssc.lt]
Sent: 28 November 2016 23:33
To: tScheme Technical Manager; 'CA/Browser Forum Public Discussion List'
Subject: Re: [cabfpub] When to stop accepting old ETSI audits?
Indeed, Richard, but unfortunately what used to be a single step (audit) now needs two steps - the TSPs need to meet also the [non-existing] supervisor requirements.
Thanks,
M.D.
On 11/29/2016 1:05 AM, tScheme Technical Manager wrote:
Technically, eIDAS gave July 2016 as the cutoff but allowed one year for transition. However, it states that any audits after July 2016 must use new requirements.
Cheers
Richard
------------------------------------
Richard Trevorah
Technical Manager
tScheme Limited
M: +44 (0) 781 809 4728
F: +44 (0) 870 005 6311
http://www.tscheme.org
------------------------------------
The information in this message and, if present, any attachments are intended solely for the attention and use of the named addressee(s). The content of this e-mail and its attachments is confidential and may be legally privileged. Unless otherwise stated, any use or disclosure is unauthorised and may be unlawful.
If you are not the intended recipient, please delete the message and any attachments and notify the sender as soon as practicable
From: Public [mailto:public-bounces at cabforum.org] On Behalf Of Moudrick M. Dadashov via Public
Sent: 28 November 2016 22:59
To: CA/Browser Forum Public Discussion List
Cc: Moudrick M. Dadashov
Subject: Re: [cabfpub] When to stop accepting old ETSI audits?
Yes, July 2017 is reasonable - the new ones require extra bureaucracy with the supervisors.
Thanks,
M.D.
On 11/28/2016 3:44 PM, Gervase Markham via Public wrote:
Dear CAB Forum members,
Ballot 171, passed on 1st July 2016, updated the BRs to remove the old
ETSI criteria (ETSI TS 101 456 V1.4.3 or ETSI TS 102 042 V2.3.1) and add
the new ones (ETSI EN 319 411-1 v1.1.1 or ETSI EN 319 411-2 v2.1.1).
This change was made in BRs v.1.3.6. However, no dates were associated
with the change.
Mozilla CA Policy 2.3 (about to be published) permits either set of
criteria to be used.
By what date would it be reasonable for Mozilla to require that all new
ETSI audits use the new criteria?
Inigo says that eIDAS (which, of course, refers only to the issuance of
Qualified certificates) have specified July 2017 as the end date for the
old criteria. Would that be a reasonable choice?
Gerv
_______________________________________________
Public mailing list
Public at cabforum.org
https://cabforum.org/mailman/listinfo/public
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/public/attachments/20161128/145b7b56/attachment-0003.html>
More information about the Public
mailing list