[cabfpub] Ballot proposal - Update Section 8.4 for CA audit criteria
Ryan Sleevi
sleevi at google.com
Mon Apr 16 07:21:23 MST 2018
On Sun, Apr 15, 2018 at 2:18 AM, Dimitris Zacharopoulos via Public <
public at cabforum.org> wrote:
>
> I am looking for two endorsers for the following ballot.
>
> Dimitris.
>
> *Ballot XXX - Update Section 8.4 for CA audit criteria*
>
> The following motion has been proposed by Dimitris Zacharopoulos of HARICA
> and endorsed by ___ and ___
>
> *Background*:
>
> Section 8.4 of the Baseline Requirements describes the audit criteria for
> CAs that issue Publicly-Trusted SSL/TLS Certificates. This ballot attempts
> to achieve two things:
>
> 1. Remove the old ETSI TS documents
> 2.
>
> Align the WebTrust <https://www.cabforum.org/wiki/WebTrust> and ETSI
> requirements
>
> "WebTrust <https://www.cabforum.org/wiki/WebTrust> for Certification
> Authorities" is equivalent to "ETSI EN 319 401" and "WebTrust
> <https://www.cabforum.org/wiki/WebTrust> Principles and Criteria for
> Certification Authorities – SSL Baseline with Network Security" is the
> equivalent of "ETSI EN 319 411-1".
>
> *-- MOTION BEGINS --*
>
> Replace the first two numbered items in section 8.4 of the Baseline
> Requirements from:
>
> 1.
>
> WebTrust <https://www.cabforum.org/wiki/WebTrust> for Certification
> Authorities v2.0;
> 2. A national scheme that audits conformance to ETSI TS 102 042 / ETSI
> EN 319 411-1; or
>
> to:
>
> 1.
>
> WebTrust <https://www.cabforum.org/wiki/WebTrust> Principles and
> Criteria for Certification Authorities – SSL Baseline with Network
> Security;
> 2. A national scheme that audits conformance to ETSI EN 319 411-1; or
>
>
As noted several times that this has come up in the past, your proposed
change to #1 is meaningfully and substantially different than what is
currently required. You are proposing *changing* the audit scheme to a more
restrictive set. That's something in the past that browsers have objected
to, and for good reason.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cabforum.org/pipermail/public/attachments/20180416/bd9c9d24/attachment-0001.html>
More information about the Public
mailing list