Bonjour, Le jeudi 11 septembre 2014 11:08:42 UTC+2, [email protected] a écrit : > Dear Mozilla Community, > > This is an unofficial statement from the Auditor (DNBCONS) in order to > clarify certain points discussed on this thread: > > 1)Is important to read promptly the *Scope* of our Audits, as you can see > "ANF Server CA" hierarchy is not in the scope of none of the Audit Reports > regarding this request/thread. Thus we cannot give an Audit opinion regarding > to "ANF Server CA" and the stated concerns showed in this request/thread.
That's a problem. This CA is referenced by the Spanish TSL for production of Qualified certificates, I guess it has been audited based on ETSI TS101456. > 2)Additionally the WT EV Audit was "Point of Time". We reviewed the unique > sample EV certificate issued in the Audit Dates and in our Auditor's opinion > it was compliant and obviously it included the serialNumber as required by > section 9.2.6 and it was issued to a legal entity (in Spain a physical person > can act as a legal entity - Freelance Worker/" Empresario Autónomo"). A "Freelance worker" or "Empresario Autonomo" is fine, if it fits one of the categories defined by EV Guidelines (Private Organization, Business Entity, etc). If the entity designated by the certificate doesn't fit one of those 4 categories, then this entity isn't entitled to obtain an EV certificate. The sample EV certificate presented here was for a "Private Organization", therefore my asking. It wasn't an identified non-compliance, merely a request for clarification. _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
