[cabfpub] Ballot 223 - Update BR Section 8.4 for CA audit criteria

Arno Fiedler arno.fiedler at nimbus-berlin.com
Fri Apr 27 14:08:27 UTC 2018


Hello Dimitris,
please change the proposed text
--------------------------------------
"ETSI EN 319 401 v2.1.1 or newer" AND "ETSI EN 319 411-1 v1.1.1
---------------------------------------
to
------------------------------------
"ETSI EN 319 411-1 v1.1.1 or later, or ETSI EN 319 411-2 v.2.1.1 or later."
------------------------------------------
EN 319 401 "General Policy Requirements for Trust Service Providers" 
covers the basic (eIDAS-) Requirements

I still propose a longer discussing phase >21 days.
Best regards
Arno/


/


Am 27.04.2018 um 13:58 schrieb Dimitris Zacharopoulos via Public:
> On 27/4/2018 2:21 μμ, Arno Fiedler via Public wrote:
>>
>> Hello Dimitris,
>>
>> so starting at Mai 1th is fine, if we get 21 days for discussion.
>>
>> Best regards
>>
>> arno
>>
>
> Hi Arno,
>
> The discussion has already begun on April 23rd. As already discussed, 
> if no new information is presented, the final ballot (with no changes) 
> will be sent, probably on April 30, stating that the voting will begin 
> on May 1st with no more possible updates to the ballot.
>
>
> Best Regards,
> Dimitris.
>>
>>
>> Am 27.04.2018 um 07:39 schrieb Dimitris Zacharopoulos via Public:
>>>
>>> So far the discussion has been quiet which either means people 
>>> generally agree with the ballot or that nobody had time to review it :-)
>>>
>>> I plan on starting the voting period on May 1st unless we hear some 
>>> strong objections.
>>>
>>>
>>> Best Regards,
>>> Dimitris.
>>>
>>>
>>> On 23/4/2018 8:18 πμ, Dimitris Zacharopoulos via Public wrote:
>>>>
>>>>
>>>> The following motion has been proposed by Dimitris Zacharopoulos of 
>>>> HARICA and endorsed by Moudrick M. Dadashov of SSC and Tim 
>>>> Hollebeek from Digicert.
>>>>
>>>> *Background*:
>>>>
>>>> Section 8.4 of the Baseline Requirements describes the audit 
>>>> criteria for CAs that issue Publicly-Trusted SSL/TLS Certificates. 
>>>> This ballot attempts to achieve two things:
>>>>
>>>>  1. Remove the old ETSI TS documents
>>>> 2.
>>>>
>>>>     Align the WebTrust and ETSI requirements
>>>>
>>>> "WebTrust for Certification Authorities" is equivalent to "ETSI EN 
>>>> 319 401" and "WebTrust Principles and Criteria for Certification 
>>>> Authorities – SSL Baseline with Network Security" is equivalent to 
>>>> "ETSI EN 319 411-1".
>>>>
>>>> *-- MOTION BEGINS --*
>>>>
>>>> Replace the first two numbered items in section 8.4 from:
>>>>
>>>> 1.
>>>>
>>>>     WebTrust for Certification Authorities v2.0;
>>>>
>>>>  2. A national scheme that audits conformance to ETSI TS 102 042 /
>>>>     ETSI EN 319 411-1; or
>>>>
>>>> to:
>>>>
>>>> 1.
>>>>
>>>>     "WebTrust for CAs v2.0 or newer" AND "WebTrust for CAs SSL
>>>>     Baseline with Network Security v2.2 or newer"; or
>>>>
>>>>  2. "ETSI EN 319 401 v2.1.1 or newer" AND "ETSI EN 319 411-1
>>>>     v1.1.1"; or
>>>>
>>>> *-- MOTION ENDS --*
>>>>
>>>> The procedure for this ballot is as follows (exact start and end 
>>>> times may be adjusted to comply with applicable Bylaws and IPR 
>>>> Agreement):
>>>>
>>>> *BALLOT 223 Status: Update BR Section 8.4 for CA audit criteria*
>>>>
>>>> 	
>>>>
>>>> *Start time (22:00 UTC)*
>>>>
>>>> 	
>>>>
>>>> *End time (22:00 UTC)*
>>>>
>>>> Discussion (7+ days)
>>>>
>>>> 	
>>>>
>>>> 23 April 2018
>>>>
>>>> 	
>>>>
>>>> 30 April 2018
>>>>
>>>> Vote for approval (7 days)
>>>>
>>>> 	
>>>>
>>>> TBD
>>>>
>>>> 	
>>>>
>>>> TBD according to voting start time
>>>>
>>>> If vote approves ballot: Review Period (Chair to send Review 
>>>> Notice) (30 days)
>>>> If Exclusion Notice(s) filed, ballot approval is rescinded and PAG 
>>>> to be created.
>>>> If no Exclusion Notices filed, ballot becomes effective at end of 
>>>> Review Period.
>>>> Votes must be cast by posting an on-list reply to this thread on 
>>>> the Public Mail List.
>>>>
>>>> 	
>>>>
>>>> Upon filing of Review Notice by Chair
>>>>
>>>> 	
>>>>
>>>> 30 days after filing of Review Notice by Chair
>>>>
>>>> From the Bylaws section 2.4(a): "If the Draft Guideline Ballot is 
>>>> proposing a Final Maintenance Guideline, such ballot will include a 
>>>> redline or comparison showing the set of changes from the Final 
>>>> Guideline section(s) intended to become a Final Maintenance 
>>>> Guideline, and need not include a copy of the full set of 
>>>> guidelines. Such redline or comparison shall be made against the 
>>>> Final Guideline section(s) as they exist at the time a ballot is 
>>>> proposed, and need not take into consideration other ballots that 
>>>> may be proposed subsequently, except as provided in Section 2.4(j) 
>>>> below".
>>>>
>>>> Votes must be cast by posting an on-list reply to this thread on 
>>>> the Public list. A vote in favor of the motion must indicate a 
>>>> clear 'yes' in the response. A vote against must indicate a clear 
>>>> 'no' in the response. A vote to abstain must indicate a clear 
>>>> 'abstain' in the response. Unclear responses will not be counted. 
>>>> The latest vote received from any representative of a voting member 
>>>> before the close of the voting period will be counted. Voting 
>>>> members are listed here: https://cabforum.org/members/ 
>>>> <https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fcabforum.org%2Fmembers%2F&data=02%7C01%7C%7C38331e54981341187a6508d5ac014ae7%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C636604043901501245&sdata=hxkdSje8Fvk6xsS942EenBP2jU43pcvRSv0gJIPJ4fg%3D&reserved=0> 
>>>>
>>>>
>>>> In order for the motion to be adopted, two thirds or more of the 
>>>> votes cast by members in the CA category and greater than 50% of 
>>>> the votes cast by members in the browser category must be in favor. 
>>>> Quorum is shown on CA/Browser Forum wiki. Under the Bylaws section 
>>>> 2.3(g), at least the required quorum number must participate in the 
>>>> ballot for the ballot to be valid, either by voting in favor, 
>>>> voting against, or abstaining.
>>>>
>>>>
>>>> _______________________________________________
>>>> Public mailing list
>>>> Public at cabforum.org
>>>> https://cabforum.org/mailman/listinfo/public
>>>
>>>
>>>
>>> _______________________________________________
>>> Public mailing list
>>> Public at cabforum.org
>>> https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fcabforum.org%2Fmailman%2Flistinfo%2Fpublic&data=02%7C01%7C%7C38331e54981341187a6508d5ac014ae7%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C636604043901657497&sdata=yfcaS78wsAZVH7wtKQ5APB%2F0ejm2tk%2BtxzSu6vwz3HM%3D&reserved=0
>>
>> -- 
>> Arno Fiedler
>> Nimbus Technologieberatung GmbH
>> Reichensteiner Weg 17
>> 14195 Berlin
>> Mobil:      0049-(0)172-3053272
>> Fax:        0049-(0)30-89745-777
>> E-Mail:arno.fiedler at nimbus-berlin.com
>> Web:www.nimbus-berlin.com
>> Geschäftsführer:  Arno Fiedler
>> USt-IdNr. :       DE 203 269 920
>> D-U-N-S® Nr.      50-730-8117
>> HandelsregisterNr:HRB 109409 B
>>
>>
>> _______________________________________________
>> Public mailing list
>> Public at cabforum.org
>> https://cabforum.org/mailman/listinfo/public
>
>
>
> _______________________________________________
> Public mailing list
> Public at cabforum.org
> https://nam03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fcabforum.org%2Fmailman%2Flistinfo%2Fpublic&data=02%7C01%7C%7C3c87c7d9811346a665a408d5ac364b00%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C636604271537492849&sdata=lMCiXnkjP9TKMGovj%2BZM5msLUCl4Olfp9wPFvMaOXwo%3D&reserved=0

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/public/attachments/20180427/c3c23224/attachment-0003.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: arno_fiedler.vcf
Type: text/x-vcard
Size: 302 bytes
Desc: not available
URL: <http://lists.cabforum.org/pipermail/public/attachments/20180427/c3c23224/attachment-0003.vcf>


More information about the Public mailing list