[Servercert-wg] Ballot SC38 - Alignment of Record Archival

Ryan Sleevi sleevi at google.com
Wed Dec 16 14:41:45 UTC 2020


On Wed, Dec 16, 2020 at 3:31 AM Dimitris Zacharopoulos (HARICA) <
dzacharo at harica.gr> wrote:

>
>
> On 15/12/2020 6:42 μ.μ., Ryan Sleevi via Servercert-wg wrote:
> > I realize this might sound like an argument for RA audits (which
> > WebTrust provides, while ETSI... doesn't)
>
> This was first discussed in Cupertino.
> -
>
> https://cabforum.org/2019/05/03/minutes-for-ca-browser-forum-f2f-meeting-46-cupertino-12-14-march-2019/#WebTrust-for-RAs
>
> ETSI supports RA audits which are practically scoped audits based on
> ETSI EN 319 401, 411-1, 411-2.
>
> The way ETSI documents are structured, tagging the requirements per
> function, it is possible to have such audits only for RAs. This is not
> the first time you encounter this, so I might be missing something in
> your statement that "ETSI... doesn't".
>

We can certainly start a discussion on this topic, but I suspect that we'll
be unlikely to reach agreement. The practices around what ETSI-using CABs
refer to as RA audits are different in kind and quantity, and so while
you're entirely correct to point out that ETSI-using CABs have a service
that they might refer to as an RA audit, is different in kind, structure,
consistency, and objective, and is not what I would capture as aligned with
expectations or needs in this case. Just because a tape measure is called a
hammer by a particular vendor does not actually make it a hammer, even
though, if you don't mind hurting yourself, you can sometimes pretend it is.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/servercert-wg/attachments/20201216/f9303ce8/attachment.html>


More information about the Servercert-wg mailing list