Dear Ryan! > From: dev-security-policy <dev-security-policy-boun...@lists.mozilla.org> On > Behalf Of Ryan Sleevi via dev-security-policy > Sent: Freitag, 3. Juli 2020 23:30 > To: Peter Bowen <pzbo...@gmail.com> > Cc: Ryan Sleevi <r...@sleevi.com>; Pedro Fuentes <pfuente...@gmail.com>; > mozilla-dev-security-pol...@lists.mozilla.org > Subject: Re: SECURITY RELEVANT FOR CAs: The curious case of the Dangerous > Delegated Responder Cert > > On Fri, Jul 3, 2020 at 4:19 PM Peter Bowen <pzbo...@gmail.com> wrote: > > I agree that we cannot make blanket statements that apply to all CAs, > > but these are some examples where it seems like there are alternatives > > to key destruction. > > > > Right, and I want to acknowledge, there are some potentially viable paths > specific to WebTrust, for which I have no faith with respect > to ETSI precisely because of the nature and design of ETSI audits, that, in > an ideal world, could provide the assurance desired.
Could you elaborate a little bit further, why you don't have "faith in respect to ETSI"? I have to admit, I never totally understood your concerns with ETSI audits because a simple comparison between WebTrust test requirements and ETSI test requirements don't show a lot of differences. If requirements are missing, we should discuss them with ETSI representatives to have them included in one of the next updates. With best regards, Rufus Buschart Siemens AG Siemens Operations Information Technology Value Center Core Services SOP IT IN COR Freyeslebenstr. 1 91058 Erlangen, Germany Tel.: +49 1522 2894134 mailto:rufus.busch...@siemens.com www.twitter.com/siemens www.siemens.com/ingenuityforlife Siemens Aktiengesellschaft: Chairman of the Supervisory Board: Jim Hagemann Snabe; Managing Board: Joe Kaeser, Chairman, President and Chief Executive Officer; Roland Busch, Klaus Helmrich, Cedrik Neike, Ralf P. Thomas; Registered offices: Berlin and Munich, Germany; Commercial registries: Berlin Charlottenburg, HRB 12300, Munich, HRB 6684; WEEE-Reg.-No. DE 23691322 _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
