HARICA votes "yes" for ballot 171. Dimitris.
> > On 06/24/2016 06:56 PM, Ben Wilson wrote: >> >> I’ve updated the text in GitHub and in so doing made a few minor >> grammatical changes to the proposed revision of section 17.4 of the >> EV Guidelines so that it would read as follows: >> >> >> >> (4) If the CA does not have a currently valid WebTrust Seal of >> Assurance for CAs or an ETSI TS 102 042 EVCP audit or an ETSI EN 319 >> 411-1 audit for EVCP policy, then, before issuing EV Certificates, >> the CA and its Root CA MUST successfully complete either: (i) a >> point-in-time readiness assessment audit against the WebTrust for CA >> Program, or (ii) a point-in-time readiness assessment audit against >> the WebTrust EV Program, the ETSI TS 102 042 EVCP, or the ETSI EN 319 >> 411-1 for EVCP policy. >> >> >> >> IMHO – I think we could start voting on the revised ballot at 2200 >> UTC because the changes to the language have been relatively minor >> since the ballot was released last week. >> >> >> >> Ben >> >> >> >> *From:* [email protected] >> [mailto:[email protected]] *On Behalf Of *Barreira >> Iglesias, Iñigo >> *Sent:* Friday, June 24, 2016 4:47 AM >> *To:* '[email protected]' <[email protected]> >> *Subject:* [cabfpub] ballot 171-updating ETSI Standards in CABF documents >> >> >> >> Hi, >> >> >> >> This is how the ballot will look like accepting the changes proposed >> by Erwann. As this has been done during the review period, and then >> the changes accepted during this period, would be enough to resubmit >> again as it is, or should we go thru another review period of 1 week. >> I´m not familiar with the procedure so if it´s ok as it´s now, the >> voting period will start tonight I think. >> >> Regards >> >> >> >> *Ballot 171 – Updating the ETSI standards in the CABF documents* >> >> The following motion has been proposed by Iñigo Barreira of Izenpe >> and endorsed by Mads Henriksveen of Buypass, Jochem van den Berge of >> Logius PKIoverheid and Arno Fiedler of D-trust >> >> >> >> -- MOTION BEGINS – >> >> *In the BRs,* >> >> In section 1.6.3 References, change: >> >> ETSI TS 119 403, Electronic Signatures and Infrastructures (ESI); >> Trust Service Provider Conformity Assessment ‐ General Requirements >> and Guidance. >> >> With >> >> ETSI EN 319 403, Electronic Signatures and Infrastructures (ESI); >> Trust Service Provider Conformity Assessment - Requirements for >> conformity assessment bodies assessing Trust Service Providers >> >> >> >> and add: >> >> >> >> ETSI EN 319 411-1, Electronic Signatures and Infrastructures (ESI); >> Policy and security requirements for Trust Service Providers issuing >> certificates; >> >> Part 1: General requirements >> >> >> >> In section 8.2 Identity/qualification of assessor, point 4, change: >> >> 4. (For audits conducted in accordance with any one of the ETSI >> standards) accredited in accordance with ETSI TS 119 403, or >> accredited to conduct such audits under an equivalent national >> scheme, or accredited by a national accreditation body in line with >> ISO 27006 to carry out ISO 27001 audits; >> >> >> >> With >> >> >> >> 4. (For audits conducted in accordance with any one of the ETSI >> standards) accredited in accordance with ISO 17065 applying the >> requirements specified in ETSI EN 319 403; >> >> >> >> >> >> In section 8.4 Topics covered by assessment, point 2, change: >> >> 2. A national scheme that audits conformance to ETSI TS 102 042; >> >> With >> >> 2. A national scheme that audits conformance to ETSI TS 102 042/ ETSI >> EN 319 411-1; >> >> *In the EV guidelines,* >> >> >> >> In section 8.2.1 Implementation, point (B), change: >> >> >> >> (B) Implement the requirements of (i) the then-current WebTrust >> Program for CAs, and (ii) the then-current WebTrust >> >> EV Program or ETSI TS 102 042; and >> >> >> >> With >> >> >> >> (B) Implement the requirements of (i) the then-current WebTrust >> Program for CAs, and (ii) the then-current WebTrust >> >> EV Program or ETSI TS 102 042 for EVCP or ETSI EN 319 411-1 for EVCP >> policy; and >> >> >> >> >> >> In section 8.2.2 Disclosure, change: >> >> >> >> The CA is also REQUIRED to publicly disclose its CA business >> practices as required by both WebTrust for CAs and ETSI TS 102 042. >> >> >> >> With >> >> >> >> The CA is also REQUIRED to publicly disclose its CA business >> practices as required by WebTrust for CAs and ETSI TS 102 042 and >> ETSI EN 319 411-1. >> >> >> >> >> >> In section 17.1 Eligible audit schemes, point (ii), change: >> >> >> >> (ii) ETSI TS 102 042 audit >> >> >> >> With >> >> >> >> (ii) ETSI TS 102 042 audit for EVCP, or >> >> (iii) ETSI EN 319 411-1 audit for EVCP policy >> >> >> >> >> >> In section 17.4 pre-issuance readiness audit, after point (2), add: >> >> >> >> >> >> (3) If the CA has a currently valid ETSI EN 319 411-1 audit for EVCP >> policy, then, before issuing EV Certificates, the CA and its Root CA >> MUST successfully complete a point-in-time readiness assessment audit >> against ETSI EN 319 411-1 for EVCP. >> >> >> >> and change: >> >> >> >> (3) If the CA does not have a currently valid WebTrust Seal of >> Assurance for CAs or an ETSI 102 042 audit, then, before >> >> issuing EV Certificates, the CA and its Root CA MUST successfully >> complete either: (i) a point-in-time readiness >> >> assessment audit against the WebTrust for CA Program, or (ii) a >> point-in-time readiness assessment audit against the >> >> WebTrust EV Program, or an ETSI TS 102 042 audit. >> >> >> >> With >> >> >> >> (4) If the CA does not have a currently valid WebTrust Seal of >> Assurance for CAs or or an ETSI TS 102 042 EVCP or an ETSI EN 319 >> 411-1 audit for EVCP policy, then, before issuing EV Certificates, >> the CA and its Root CA MUST successfully complete either: (i) a >> point-in-time readiness assessment audit against the WebTrust for CA >> Program, or (ii) a point-in-time readiness assessment audit against >> the WebTrust EV Program, or an ETSI TS 102 042 EVCP, or an ETSI EN >> 319 411-1 for EVCP policy. >> >> -- MOTION ENDS -- >> >> The review period for this ballot shall commence at 2200 UTC on 17 >> June 2016, and will close at 2200 UTC on 24 June 2016. Unless the >> motion is withdrawn during the review period, the voting period will >> start immediately thereafter and will close at 2200 UTC on 1 July >> 2016. Votes must be cast by posting an on-list reply to this thread. >> >> A vote in favor of the motion must indicate a clear 'yes' in the >> response. A vote against must indicate a clear 'no' in the response. >> A vote to abstain must indicate a clear 'abstain' in the response. >> Unclear responses will not be counted. The latest vote received from >> any representative of a voting member before the close of the voting >> period will be counted. Voting members are listed here: >> https://cabforum.org/members/ >> >> In order for the motion to be adopted, two thirds or more of the >> votes cast by members in the CA category and greater than 50% of the >> votes cast by members in the browser category must be in favor. >> Quorum is currently ten (10) members– at least ten members must >> participate in the ballot, either by voting in favor, voting against, >> or abstaining. >> >> >>
_______________________________________________ Public mailing list [email protected] https://cabforum.org/mailman/listinfo/public
