[cabfpub] Does the CA/Browser Forum provide guidance on the Baseline Requirements?

Kirk Hall Kirk.Hall at entrustdatacard.com
Fri Mar 3 20:39:48 UTC 2017 

I agree, Gerv.  

One possibly more significant objection to unstructured opining on questions from auditors currently conducting an audit -- that puts Forum members right in the middle of the audit relationship between the auditor and his or her CA client.  A Forum member who opines on interpretation of a broad provision runs the risk of causing audit failure for that CA -- something I think is not a good idea, and could arguably give rise to potential legal liability in extreme cases.

In my view, auditors with a question of interpretation should first consult with other WebTrust auditors in their own company, and then should pose their questions to CPA Canada's WebTrust Board for formal response.  If the CPA Canada WebTrust Board thinks it necessary, they (and only they) could then ask the Forum for advice -- which we should only give after a very formal discussion among ourselves and a formal agreed position.

-----Original Message-----
From: Public [mailto:public-bounces at cabforum.org] On Behalf Of Gervase Markham via Public
Sent: Friday, March 3, 2017 9:30 AM
To: CA/Browser Forum Public Discussion List <public at cabforum.org>
Cc: Gervase Markham <gerv at mozilla.org>
Subject: Re: [cabfpub] Does the CA/Browser Forum provide guidance on the Baseline Requirements?

On 25/02/17 02:54, Ryan Sleevi via Public wrote:
> I am deeply concerned and dismayed by such an answer, and expressed 
> this to these members. I believe that this is a core role of the 
> CA/Browser
> Forum: To ensure the Requirements are clear and unambiguous whenever 
> possible, to provide guidance as to the intent and interpretation when 
> necessary, and to strive to resolve any ambiguity in the documents 
> themselves whenever possible.

I think we should resolve ambiguities within the documents; whether we should provide guidance in the meantime is a separate question. The way the Forum expresses its view is via ballots which change documents; we don't really have a way of expressing a consensus opinion without doing that.

Gerv
_______________________________________________
Public mailing list
Public at cabforum.org
https://cabforum.org/mailman/listinfo/public

More information about the Public mailing list