All,this is probably an old question, but I could not find the answer in the mailing list archives, so please bear with me.
In reading the BR, it is not clear to me whether a DTP is allowed to start "issuing" certificates (i.e. start requesting the CA to issue certificates based on their vetting) before having ever been audited. CAs are required to pass a PITRA, before issuing their first Publicly-Trusted Certificates, but I am not sure if the same holds for DTPs. It seems to me that this aspect is not very clear in the BR.
Adriano
smime.p7s
Description: Firma crittografica S/MIME
_______________________________________________ Public mailing list [email protected] https://cabforum.org/mailman/listinfo/public
