Yes, we removed it as redundant because the "national scheme" seems to
apply to auditor qualifications (or accreditation), that is already
described in section 8.2 as we mentioned on April 15th
(https://cabforum.org/pipermail/public/2018-April/013237.html).
Arno, what you describe as "define more precise requirements on
standards for conducting the audits", mainly affects section 8.2 and not
8.4 that this ballot tries to update. My understanding is that the
current ballot language clarifies and aligns both standard schemes
(WebTrust and ETSI) and is rather uncontroversial.
As Tim said, if new information is brought forward, we don't need to
withdraw the ballot but delay the voting start date so please provide
more feedback if there are is any ambiguity introduced, compared to the
previous language.
Thank you,
Dimitris.
On 23/4/2018 7:01 μμ, Moudrick M. Dadashov via Public wrote:
Tim, the latest ballot doesn't have "national scheme", its gone...
Thanks,
M.D.
On 4/23/2018 5:53 PM, Tim Hollebeek via Public wrote:
There’s no need to postpone the discussion phase, as the discussion
phase can last for as long as is necessary to get the ballot to where
we want it to be. That’s why it’s listed as 7+ days. The end time
should be listed as “not before 30 April 2018” instead of “30 April
2018”, in line with what we did for other recent ballots.
Also, it is worth mentioning that this ballot came out of an
oversight by the Governance Change Working Group, where we
accidentally didn’t include Dimitris’ changes in the Governance
Reform ballot, despite the fact that we said we were going to. It
would be a shame to hold up these improvements for a long time by
tying them to other larger efforts. I could be wrong, but “define
more precise requirements on standards for conducting the audits” by
referencing new standards sounds like something that could take a
long while to get agreement on.
Fixing the definition of “national scheme” sounds much more doable,
and suggesting a concrete proposal of how it could be done would help.
-Tim
*From:*Public [mailto:[email protected]] *On Behalf Of
*Arno Fiedler via Public
*Sent:* Monday, April 23, 2018 10:27 AM
*To:* [email protected]
*Cc:* [email protected]; ESI_TSP: (ESI Trust Service
Providers) <[email protected]>
*Subject:* Re: [cabfpub] Ballot 223 - Update BR Section 8.4 for CA
audit criteria: Request to postpone it
Dear CA/B-Forum Members,
sorry for jumping in late, Dimitris and Moudrick, many thanks for the
proposed ballot.
After checking different Browser Requirements I strongly suggest to
postpone the discussion phase ballot 223 on "Updating BR Section 8.4".
We should have further improvements on the definitions,
esp. of "national scheme" ( e. g. within EA or IAF Framework) and
define more precise requirements on standards for conducting the
audits, (e. g. ISO/IEC 17065 supplemented by ETSI EN 319 403)
so I suggest to postpone the start of the discussion phase on May,
the 7th.
Would realy like to cover the audit requirements from all browsers by
the Ballot, so more time is needed.
Thanks in advance and best regards
Arno Fiedler
Am 23.04.2018 um 07:18 schrieb Dimitris Zacharopoulos via Public:
The following motion has been proposed by Dimitris Zacharopoulos
of HARICA and endorsed by Moudrick M. Dadashov of SSC and Tim
Hollebeek from Digicert.
*Background*:
Section 8.4 of the Baseline Requirements describes the audit
criteria for CAs that issue Publicly-Trusted SSL/TLS
Certificates. This ballot attempts to achieve two things:
1. Remove the old ETSI TS documents
2. Align the WebTrust and ETSI requirements
"WebTrust for Certification Authorities" is equivalent to "ETSI
EN 319 401" and "WebTrust Principles and Criteria for
Certification Authorities – SSL Baseline with Network Security"
is equivalent to "ETSI EN 319 411-1".
*-- MOTION BEGINS --*
Replace the first two numbered items in section 8.4 from:
1. WebTrust for Certification Authorities v2.0;
2. A national scheme that audits conformance to ETSI TS 102 042
/ ETSI EN 319 411-1; or
to:
1. "WebTrust for CAs v2.0 or newer" AND "WebTrust for CAs SSL
Baseline with Network Security v2.2 or newer"; or
2. "ETSI EN 319 401 v2.1.1 or newer" AND "ETSI EN 319 411-1
v1.1.1"; or
*-- MOTION ENDS --*
The procedure for this ballot is as follows (exact start and end
times may be adjusted to comply with applicable Bylaws and IPR
Agreement):
*BALLOT 223 Status: Update BR Section 8.4 for CA audit criteria*
*Start time (22:00 UTC)*
*End time (22:00 UTC)*
Discussion (7+ days)
23 April 2018
30 April 2018
Vote for approval (7 days)
TBD
TBD according to voting start time
If vote approves ballot: Review Period (Chair to send Review
Notice) (30 days)
If Exclusion Notice(s) filed, ballot approval is rescinded and
PAG to be created.
If no Exclusion Notices filed, ballot becomes effective at end of
Review Period.
Votes must be cast by posting an on-list reply to this thread on
the Public Mail List.
Upon filing of Review Notice by Chair
30 days after filing of Review Notice by Chair
From the Bylaws section 2.4(a): "If the Draft Guideline Ballot is
proposing a Final Maintenance Guideline, such ballot will include
a redline or comparison showing the set of changes from the Final
Guideline section(s) intended to become a Final Maintenance
Guideline, and need not include a copy of the full set of
guidelines. Such redline or comparison shall be made against the
Final Guideline section(s) as they exist at the time a ballot is
proposed, and need not take into consideration other ballots that
may be proposed subsequently, except as provided in Section
2.4(j) below".
Votes must be cast by posting an on-list reply to this thread on
the Public list. A vote in favor of the motion must indicate a
clear 'yes' in the response. A vote against must indicate a clear
'no' in the response. A vote to abstain must indicate a clear
'abstain' in the response. Unclear responses will not be counted.
The latest vote received from any representative of a voting
member before the close of the voting period will be counted.
Voting members are listed here: https://cabforum.org/members/
<https://nam02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fcabforum.org%2Fmembers%2F&data=02%7C01%7C%7Cd1ece9170b4c412118c308d5a8d9b97b%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C636600575423532305&sdata=%2BtkvNa%2FRWMg%2BMi3aHyR4HnvwLA%2FDp5yqBCe7twDbuUs%3D&reserved=0>
In order for the motion to be adopted, two thirds or more of the
votes cast by members in the CA category and greater than 50% of
the votes cast by members in the browser category must be in
favor. Quorum is shown on CA/Browser Forum wiki. Under the Bylaws
section 2.3(g), at least the required quorum number must
participate in the ballot for the ballot to be valid, either by
voting in favor, voting against, or abstaining.
_______________________________________________
Public mailing list
[email protected] <mailto:[email protected]>
https://nam02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fcabforum.org%2Fmailman%2Flistinfo%2Fpublic&data=02%7C01%7C%7Cd1ece9170b4c412118c308d5a8d9b97b%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C636600575423532305&sdata=y2KaTimAOv%2FA%2FjMTaDpP1C9MPVG%2FPtTTxL9RPUE78pc%3D&reserved=0
--
Arno Fiedler
Nimbus Technologieberatung GmbH
Reichensteiner Weg 17
14195 Berlin
Mobil: 0049-(0)172-3053272
Fax: 0049-(0)30-89745-777
E-Mail:[email protected] <mailto:[email protected]>
Web:www.nimbus-berlin.com
<https://clicktime.symantec.com/a/1/ZkMg4lf2QLN5xtF6BtrL1-wzNDD7Dq-y6pBn5TpZJYA=?d=UHo2Qz9CW7I04zEs37QU2ZPO7JgcLOhepmWY8i9XMIXkHN7Uxxcl7LOnLuy6DMHWLlZ4M3W7YH53fij_k6wPI-URHX4RR4ewze4_dNA77EqoEYf1LT7tyxjTEghcECLGQOni-Dn4UeLOOXZ9xqEh-Ta_n9ti9HoDEbK0BrHvQeqY9NvWby5NOiX7SuDaQoqB57iND11htveXS7AylirpKMHhOCPaAF9n7QNqE6GAk1djNSvPh6O7nNDyI5tSzGSgilrGyQLxWbKY9U2Ddmxt4iwp496mM6VLEaduEQUUKiuRVLjkLg6hishWSvKzc2FruqJ1X3Tgu3u_uwQifCmNyZz0Eaga63npSeBSGO6YzvQZXpDSQbrm_HpRIX9uDUsZArOluVWLyioGSu5sEeKw4d6PB0JkwUxnefRgnDUBUdKrF3eQt_RMwGmEnTQZ83dI6IB-2s7SgCvouwbIov8HwZTlDhrShmU%3D&u=http%3A%2F%2Fwww.nimbus-berlin.com>
Geschäftsführer: Arno Fiedler
USt-IdNr. : DE 203 269 920
D-U-N-S® Nr. 50-730-8117
HandelsregisterNr:HRB 109409 B
_______________________________________________
Public mailing list
[email protected]
https://cabforum.org/mailman/listinfo/public
_______________________________________________
Public mailing list
[email protected]
https://cabforum.org/mailman/listinfo/public
_______________________________________________
Public mailing list
[email protected]
https://cabforum.org/mailman/listinfo/public
