Yes, section 2.2 says: The CA SHALL publicly give effect to these Requirements and represent that it will adhere to the latest published version. The CA MAY fulfill this requirement by incorporating these Requirements directly into its Certificate Policy and/or Certification Practice Statements or by incorporating them by reference using a clause such as the following
but that does not mean that the BRs or the EVs are the standards to be used for being audited against, it´s to update the CP/CPS with these requirements. So you can have your documentation up to date but the standards in which the CA is going to be audited against, may not check this because it´s not reflected. It´s not the usual stuff, but the CABF documents are not “standards” in the sense that you can get an accreditation/audit against them, they serve you to create/maintain your documentation according to what the CABF requests and yes, at the end, what the CABF indicates has to be reflected in the audit standards. Iñigo Barreira Responsable del Área técnica [email protected]<mailto:[email protected]> 945067705 [Descripción: firma_email_Izenpe_eus] ERNE! Baliteke mezu honen zatiren bat edo mezu osoa legez babestuta egotea. Mezua badu bere hartzailea. Okerreko helbidera heldu bada (helbidea gaizki idatzi, transmisioak huts egin) eman abisu igorleari, korreo honi erantzuna. KONTUZ! ATENCION! Este mensaje contiene informacion privilegiada o confidencial a la que solo tiene derecho a acceder el destinatario. Si usted lo recibe por error le agradeceriamos que no hiciera uso de la informacion y que se pusiese en contacto con el remitente. De: Dimitris Zacharopoulos [mailto:[email protected]] Enviado el: jueves, 23 de junio de 2016 10:43 Para: Barreira Iglesias, Iñigo CC: Erwann Abalea; [email protected] Asunto: Re: [cabfpub] Ballot 171 - Updating ETSI standards in CABF documents On 23/6/2016 11:04 πμ, Barreira Iglesias, Iñigo wrote: IB --> I don´t know when ETSI is going to withdraw the document but I´ve said repeatedly that the TS 102 042 hasn´t been updated for years, more than 2 years, and currently does not reflect any of the changes done in the CABF documents. It points to version 1.3 of the EV guidelines for example so I don´t think is a good idea to still use a standard which does not reflect updates for the last 2 years, even worst, still uses the old “style” and when referring some sections in the EV or BRs, these are invalid because the new BRs for example are following the RFC 3647 style, as well as the 411-1. Just a quick comment. Regardless of how old the ETSI or the Webtrust standards are, each CA/TSP must conform to the latest CA/B Forum BR and EV guidelines, and this is audited annually. Regards, Dimitris.
_______________________________________________ Public mailing list [email protected] https://cabforum.org/mailman/listinfo/public
