[Smcwg-public] Additional frameworks criteria - legal context

Christophe Bonjean christophe.bonjean at globalsign.com
Thu Sep 1 08:10:48 UTC 2022

Hi Stephen


The current version includes "legal context" as one of the criteria for
evaluating additional frameworks:


"Legal context: the framework SHALL be subject to regulatory provisions,
which describe the requirements imposed on the Certificate issuer/trust
service provider, the legal effects of the trust services, and the
corresponding Certificate levels;"


I assume that when the group considered additional frameworks, most of them
were regulatory frameworks based on a (national) regulation. However, to
which extent would a "legal context" and "legal effects of the trust
services" be a condition for evaluation? 


I wonder if the public availability of requirements ("best practices and
transparency") and assurance levels and corresponding identity validation
("identity validation") would provide sufficient information about the
framework to validate appropriateness and maybe we should omit "legal




-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/smcwg-public/attachments/20220901/749f160c/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 8436 bytes
Desc: not available
URL: <http://lists.cabforum.org/pipermail/smcwg-public/attachments/20220901/749f160c/attachment-0001.p7s>

More information about the Smcwg-public mailing list