On Sun, Apr 15, 2018 at 2:18 AM, Dimitris Zacharopoulos via Public < email@example.com> wrote:
> > I am looking for two endorsers for the following ballot. > > Dimitris. > > *Ballot XXX - Update Section 8.4 for CA audit criteria* > > The following motion has been proposed by Dimitris Zacharopoulos of HARICA > and endorsed by ___ and ___ > > *Background*: > > Section 8.4 of the Baseline Requirements describes the audit criteria for > CAs that issue Publicly-Trusted SSL/TLS Certificates. This ballot attempts > to achieve two things: > > 1. Remove the old ETSI TS documents > 2. > > Align the WebTrust <https://www.cabforum.org/wiki/WebTrust> and ETSI > requirements > > "WebTrust <https://www.cabforum.org/wiki/WebTrust> for Certification > Authorities" is equivalent to "ETSI EN 319 401" and "WebTrust > <https://www.cabforum.org/wiki/WebTrust> Principles and Criteria for > Certification Authorities – SSL Baseline with Network Security" is the > equivalent of "ETSI EN 319 411-1". > > *-- MOTION BEGINS --* > > Replace the first two numbered items in section 8.4 of the Baseline > Requirements from: > > 1. > > WebTrust <https://www.cabforum.org/wiki/WebTrust> for Certification > Authorities v2.0; > 2. A national scheme that audits conformance to ETSI TS 102 042 / ETSI > EN 319 411-1; or > > to: > > 1. > > WebTrust <https://www.cabforum.org/wiki/WebTrust> Principles and > Criteria for Certification Authorities – SSL Baseline with Network > Security; > 2. A national scheme that audits conformance to ETSI EN 319 411-1; or > > As noted several times that this has come up in the past, your proposed change to #1 is meaningfully and substantially different than what is currently required. You are proposing *changing* the audit scheme to a more restrictive set. That's something in the past that browsers have objected to, and for good reason.
_______________________________________________ Public mailing list Public@cabforum.org https://cabforum.org/mailman/listinfo/public