In the past, what we used to check for “actively” issuing certs were some examples of recently issued certs from their roots that have public trust. This was in addition to the audit reqt.
From: Public <[email protected]> On Behalf Of Wayne Thayer via Public Sent: Thursday, January 24, 2019 1:16 PM To: CA/Browser Forum Public Discussion List <[email protected]> Subject: [cabfpub] Bylaws: Update Membership Criteria (section 2.1) On today's call we discussed a number of changes to the bylaws aimed at clarifying the rules for membership. The proposal for section 2.1(a)(1) resulting from today's discussion is: Certificate Issuer: The member organization operates a certification authority that has a publicly-available audit report or attestation statement that meets the following requirements: * Is based on the full, current version of the WebTrust for CAs, ETSI EN 319 411-1 , or ETSI EN 319 411-2 audit criteria * Covers a period of at least 60 days * Covers a period that ends within the past 15 months * Was prepared by a properly-Qualified Auditor In addition, the member organization is a member of a CWG, and actively issues certificates to end entities, such certificates being treated as valid by a Certificate Consumer Member. Applicants that are not actively issuing certificates but otherwise meet membership criteria may be granted Associate Member status under Bylaw Sec. 3.1 for a period of time to be designated by the Forum. Similar changes would be made to 2.1(a)(2) for Root Certificate Issuers. The question of requiring period-of-time audits was left unresolved on today's call. I have included the requirement here because the results of a straw poll conducted earlier this year [1] indicated strong support for such a requirement. Comments? One additional question on this section that we didn't get to on the call is the vague requirement for "actively" issuing certificates. Should we remove the word "actively" and change the final sentence to allow Associate member status for organizations with a point-in-time audit? Thanks, Wayne [1] https://cabforum.org/pipermail/public/2018-April/013259.html
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ Public mailing list [email protected] https://cabforum.org/mailman/listinfo/public
