Thank you for responding Matthias.

On Wed, Apr 11, 2018 at 10:52 AM, m.wiedenhorst--- via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:

>
> Hi Wayne
>
> > Can anyone say if an equivalent public-facing
> > report exists for ETSI audits? If so, I think we should require CAs to
> > provide these reports with their root inclusion requests.
>
> ETSI does require reports on key ceremonies (ETSI EN 319 411-1, 6.5.1 g).
> But ETSI does NOT require these reports to be public.
>
> Does ETSI ALLOW these reports to be public? In other words, could Mozilla
require CAs to publish them?

Best regards
> Matthias Wiedenhorst
>
>
_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy

Reply via email to