[cabfpub] When to stop accepting old ETSI audits?

Miskovic Peter Peter.Miskovic at disig.sk
Tue Nov 29 07:10:24 UTC 2016


Hi Richard,
according my opinion this is true only for those audits which TSP shall provide for the supervisory body (eIDAS Regulation Article 17) at least every 24 month. Mozilla is not such supervisory body so it’s on their decision what will be accepted. I agree with Inigo and Moudrick that the July 1, 2017 is reasonable date because at June 30, 2017 ends transitional measure (eIDAS Regulation, Artice 51 (3)) for submitting conformity assessment report to the supervisory body according eIDAS regulation. So all EU TSP  which are qualified TSP now due the transitional measure (eIDAS Regulation, Artice 51 (3))  still has a time to wait  with such type of audit.

Regards
Peter

From: Public [mailto:public-bounces at cabforum.org] On Behalf Of tScheme Technical Manager via Public
Sent: Tuesday, November 29, 2016 12:59 AM
To: 'Moudrick M. Dadashov' <md at ssc.lt>; 'CA/Browser Forum Public Discussion List' <public at cabforum.org>
Cc: tScheme Technical Manager <richard.trevorah at tScheme.org>
Subject: Re: [cabfpub] When to stop accepting old ETSI audits?

That is certainly true in some Member States (UK included) but is doesn’t alter fact that eIDAS came into force on 1st July 2016 and any Conformity Assessment Report submitted after that date would have to demonstrate compliance with the eIDAS regulation – and the old ETSI TS are not sufficient for that purpose.

However, I believe that some MS have produced their Supervisory Body requirements (e.g. LU, MT & SE) and there are also some very detailed guidelines being drafted by ENISA that can be viewed at https://www.enisa.europa.eu/topics/trust-services/guidelines/

Cheers
Richard
------------------------------------
Richard Trevorah
Technical Manager
tScheme Limited

M: +44 (0) 781 809 4728
F: +44 (0) 870 005 6311

http://www.tscheme.org
------------------------------------

The information in this message and, if present, any attachments are intended solely for the attention and use of the named addressee(s). The content of this e-mail and its attachments is confidential and may be legally privileged. Unless otherwise stated, any use or disclosure is unauthorised and may be unlawful.

If you are not the intended recipient, please delete the message and any attachments and notify the sender as soon as practicable


From: Moudrick M. Dadashov [mailto:md at ssc.lt]
Sent: 28 November 2016 23:33
To: tScheme Technical Manager; 'CA/Browser Forum Public Discussion List'
Subject: Re: [cabfpub] When to stop accepting old ETSI audits?

Indeed, Richard, but unfortunately what used to be a single step (audit) now needs two steps - the TSPs need to meet also the [non-existing] supervisor requirements.

Thanks,
M.D.
On 11/29/2016 1:05 AM, tScheme Technical Manager wrote:
Technically, eIDAS gave July 2016 as the cutoff but allowed one year for transition. However, it states that any audits after July 2016 must use new requirements.

Cheers
Richard
------------------------------------
Richard Trevorah
Technical Manager
tScheme Limited

M: +44 (0) 781 809 4728
F: +44 (0) 870 005 6311

http://www.tscheme.org
------------------------------------

The information in this message and, if present, any attachments are intended solely for the attention and use of the named addressee(s). The content of this e-mail and its attachments is confidential and may be legally privileged. Unless otherwise stated, any use or disclosure is unauthorised and may be unlawful.

If you are not the intended recipient, please delete the message and any attachments and notify the sender as soon as practicable


From: Public [mailto:public-bounces at cabforum.org] On Behalf Of Moudrick M. Dadashov via Public
Sent: 28 November 2016 22:59
To: CA/Browser Forum Public Discussion List
Cc: Moudrick M. Dadashov
Subject: Re: [cabfpub] When to stop accepting old ETSI audits?

Yes, July 2017 is reasonable - the new ones require extra bureaucracy with the supervisors.

Thanks,
M.D.
On 11/28/2016 3:44 PM, Gervase Markham via Public wrote:

Dear CAB Forum members,



Ballot 171, passed on 1st July 2016, updated the BRs to remove the old

ETSI criteria (ETSI TS 101 456 V1.4.3 or ETSI TS 102 042 V2.3.1) and add

the new ones (ETSI EN 319 411-1 v1.1.1 or ETSI EN 319 411-2 v2.1.1).

This change was made in BRs v.1.3.6. However, no dates were associated

with the change.



Mozilla CA Policy 2.3 (about to be published) permits either set of

criteria to be used.



By what date would it be reasonable for Mozilla to require that all new

ETSI audits use the new criteria?



Inigo says that eIDAS (which, of course, refers only to the issuance of

Qualified certificates) have specified July 2017 as the end date for the

old criteria. Would that be a reasonable choice?



Gerv

_______________________________________________

Public mailing list

Public at cabforum.org<mailto:Public at cabforum.org>

https://cabforum.org/mailman/listinfo/public


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/public/attachments/20161129/fedc1c40/attachment-0003.html>


More information about the Public mailing list