On 24/1/2019 8:16 PM, Wayne Thayer via Public wrote:
On today's call we discussed a number of changes to the bylaws aimed
at clarifying the rules for membership. The proposal for section
2.1(a)(1) resulting from today's discussion is:
Certificate Issuer: The member organization operates a
certification authority that has a publicly-available audit report
or attestation statement that meets the following requirements:
* Is based on the full, current version of the WebTrust for CAs,
ETSI EN 319 411-1, or ETSI EN 319 411-2 audit criteria
* Covers a period of at least 60 days
* Covers a period that ends within the past 15 months
* Was prepared by a properly-Qualified Auditor
In addition, the member organization is a member of a CWG, and
actively issues certificates to end entities, such certificates
being treated as valid by a Certificate Consumer Member.
Applicants that are not actively issuing certificates but
otherwise meet membership criteria may be granted Associate Member
status under Bylaw Sec. 3.1 for a period of time to be designated
by the Forum.
Similar changes would be made to 2.1(a)(2) for Root Certificate Issuers.
The question of requiring period-of-time audits was left unresolved on
today's call. I have included the requirement here because the results
of a straw poll conducted earlier this year [1] indicated strong
support for such a requirement.
Comments?
We can explicitly say that Certificate Issuers can be accepted with a
WebTrust for CAs Point-in-time public audit report but will remain in
the Associate Member status until they provide a Period-of-time public
audit report.
One additional question on this section that we didn't get to on the
call is the vague requirement for "actively" issuing certificates.
Should we remove the word "actively" and change the final sentence to
allow Associate member status for organizations with a point-in-time
audit?
I think we should remove the word "actively". Even a certificate issued
to a domain controlled by the Certificate Issuer that chains to a
Certificate Consumer Member's software should be sufficient.
Dimitris.
Thanks,
Wayne
[1] https://cabforum.org/pipermail/public/2018-April/013259.html
_______________________________________________
Public mailing list
[email protected]
https://cabforum.org/mailman/listinfo/public