Hi Wayne > Can anyone say if an equivalent public-facing > report exists for ETSI audits? If so, I think we should require CAs to > provide these reports with their root inclusion requests.
ETSI does require reports on key ceremonies (ETSI EN 319 411-1, 6.5.1 g). But ETSI does NOT require these reports to be public. Best regards Matthias Wiedenhorst _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
