On 30/10/2018 6:28 μμ, Ryan Sleevi via dev-security-policy wrote:
This establishes who the CAB is and who the NAB is. As the scheme used in
eIDAS for CABs is ETSI EN 319 403, the CAB must perform their assessments
in concordance with this scheme, and the NAB is tasked with assessing their
There's a lot of nitpicking in this, and I feel that if you want to
continue this discussion, it would be better off in a separate thread on
terminology. I disagree with some of the claims you've made, so have
corrected them for the discussion.
I would much rather keep this focused on the
On 31/10/2018 4:47 μμ, Ryan Sleevi via dev-security-policy wrote:
There's a lot of nitpicking in this, and I feel that if you want to
continue this discussion, it would be better off in a separate thread on
terminology. I disagree with some of the claims you've made, so have
corrected them for
On Wed, Oct 31, 2018 at 12:55 PM Dimitris Zacharopoulos via
dev-security-policy wrote:
>
>
> On 31/10/2018 4:47 μμ, Ryan Sleevi via dev-security-policy wrote:
> > There's a lot of nitpicking in this, and I feel that if you want to
> > continue this discussion, it would be better off in a
On 2018-10-31 16:42, Wiedenhorst, Matthias wrote:
In several emails, we answered to his complaint, explained our procedures and
justified the classification of the encoding error as minor (non-critical)
non-conformity.
I think we never consider encoding errors as a minor error.
Kurt
On Wed, Oct 31, 2018 at 11:43 AM Wiedenhorst, Matthias via
dev-security-policy wrote:
> · Since January 2018, T-Systems issued EV certificates with an
> incorrect qcStatement. T-Systems was made aware of the problem in October
> 2018, i.e. for about 9 month the error was not
On Wed, Oct 31, 2018 at 4:05 PM Dimitris Zacharopoulos
wrote:
> > For example, when we talk about expectations of CAs, we don't talk about
> > what they 'could' do, we talk about what they MUST do, because at the end
> > of the day, that's the bar they're being held to. It's certainly true
>
Camerfirma has delivered point-in-time audits as required by Mozilla in
response to the annual audit statements we received in July containing
multiple qualifications. The new audit statements along with the history of
this issue can be found at
https://bugzilla.mozilla.org/show_bug.cgi?id=1478933
On 31/10/2018 8:00 μμ, Ryan Sleevi via dev-security-policy wrote:
[...]
Dimitris, I'm sorry, but I don't believe this is a correct correction.
EN 319 403 incorporates ISO/IEC 17065; much like the discussion about EN
319 411-2 incorporating, but being separate from, EN 319 411-1, the
9 matches
Mail list logo