Thanks Juergen, you are of course correct, I found them after I sent my original note.
Yes, thanks Juergen and others for providing more detailed information. I haven't had a chance to look through it all, but I will definitely be doing so.
I still think that an understanding of the RegTP process is required, we certainly need to know for instance, if they accredit specific CAs or just the organisation.
Based on my reading of the registration notice that Juergen supplied, the registration/accreditation (TUVIT.09401.SE.12.1998) was for the TeleSec service/organization as a whole. If I recall correctly this is true for a lot of WebTrust audits as well: the audit covers multiple CAs operated by a single entity, including
Large suppliers like Deutche Telekom are likely to have many CAs, not all necessarily operated at the same level of trust.
My understanding is that Deutsche Telekom/T-Systems operates two separate CA hierarchies; the first is rooted in Deutsche Telekom Root CA 1, the second rooted in Deutsche Telekom Root CA 2. It also appears that Deutsche Telekom/T-Systems also operates (or operated) at least one CA service as an intermediate CA under the GTE CyberTrust root
This is not easy stuff especially if a global standard is required.
Indeed :-)
Frank
P.S. In googling for
-- Frank Hecker [EMAIL PROTECTED] _______________________________________________ mozilla-crypto mailing list [email protected] http://mail.mozilla.org/listinfo/mozilla-crypto
