I believe I've captured this discussion in the proposed text here:
https://wiki.mozilla.org/CA:BaselineRequirements#Extended_Validation
Please let me know if I'm still missing something.
Thanks,
Kathleen
___
dev-security-policy mailing list
dev-secur
On Tue, November 11, 2014 2:12 pm, Kathleen Wilson wrote:
> On 11/7/14, 2:51 PM, Ryan Sleevi wrote:
> >
> > In order for Mozilla to recognize a root as EV, it must first be
> > recognized as a root for SSL certificate issuance. If a certificate is
> > issued by that root as non-EV, it will still b
On 11/7/14, 2:51 PM, Ryan Sleevi wrote:
In order for Mozilla to recognize a root as EV, it must first be
recognized as a root for SSL certificate issuance. If a certificate is
issued by that root as non-EV, it will still be trusted for SSL.
The concern with your current proposal is that it crea
On Fri, November 7, 2014 1:26 pm, Kathleen Wilson wrote:
> On 11/7/14, 2:07 AM, Chema López wrote:
> > If "the WebTrust EV audit criteria includes the Baseline Requirements audit
> > criteria" and, "In other words, the WebTrust EV audit statement will also
> > suffice as the WebTrust BR a
On 11/7/14, 2:07 AM, Chema López wrote:
If "the WebTrust EV audit criteria includes the Baseline Requirements audit
criteria" and, "In other words, the WebTrust EV audit statement will also
suffice as the WebTrust BR audit statement", why is it required for CAs to pay
for three seals? Maybe it is en
If "the WebTrust EV audit criteria includes the Baseline Requirements audit
criteria" and, "In other words, the WebTrust EV audit statement will also
suffice as the WebTrust BR audit statement", why is it required for CAs to pay
for three seals? Maybe it is enough to hold WT4CA and WTEV.
Even more,
I think what you are saying is exactly how it works for ETSI audits.
Baseline requirements are part of ETSI TS 102 042 audit:
"The present document provides guidance on the assessment of
Certification Authorities issuing Certificates primarily for use with
Transport Layer Security (TLS) proto
On 11/6/2014 1:50 PM, Kathleen Wilson wrote:
> The CAB Forum's EV guidelines include the Baseline Requirements.
> Likewise, the WebTrust EV audit criteria includes the Baseline
> Requirements audit criteria. So, I have been asked to make the following
> clarification.
>
> In
> https://wiki.moz
This list is missing a security audit. I'd recommend a network
security audit (or something else) that provides some assurance of
network security.
Since the BRs are explicitly referenced by the EV Guidelines (and
incorporated therein), why not require a BR audit plus EV for an EV
hierar
The CAB Forum's EV guidelines include the Baseline Requirements.
Likewise, the WebTrust EV audit criteria includes the Baseline
Requirements audit criteria. So, I have been asked to make the following
clarification.
In
https://wiki.mozilla.org/CA:BaselineRequirements#WebTrust_BR_Audit_Stateme