Thank you for responding Matthias. On Wed, Apr 11, 2018 at 10:52 AM, m.wiedenhorst--- via dev-security-policy < [email protected]> wrote:
> > Hi Wayne > > > Can anyone say if an equivalent public-facing > > report exists for ETSI audits? If so, I think we should require CAs to > > provide these reports with their root inclusion requests. > > ETSI does require reports on key ceremonies (ETSI EN 319 411-1, 6.5.1 g). > But ETSI does NOT require these reports to be public. > > Does ETSI ALLOW these reports to be public? In other words, could Mozilla require CAs to publish them? Best regards > Matthias Wiedenhorst > > _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
