Re: Clarification about WebTrust BR and WebTrust EV audits

2014-11-12 Thread Ryan Sleevi
On Tue, November 11, 2014 2:12 pm, Kathleen Wilson wrote: On 11/7/14, 2:51 PM, Ryan Sleevi wrote: In order for Mozilla to recognize a root as EV, it must first be recognized as a root for SSL certificate issuance. If a certificate is issued by that root as non-EV, it will still be

Re: Clarification about WebTrust BR and WebTrust EV audits

2014-11-11 Thread Kathleen Wilson
On 11/7/14, 2:51 PM, Ryan Sleevi wrote: In order for Mozilla to recognize a root as EV, it must first be recognized as a root for SSL certificate issuance. If a certificate is issued by that root as non-EV, it will still be trusted for SSL. The concern with your current proposal is that it

Re: Clarification about WebTrust BR and WebTrust EV audits

2014-11-07 Thread Chema López
If the WebTrust EV audit criteria includes the Baseline Requirements audit criteria and, In other words, the WebTrust EV audit statement will also suffice as the WebTrust BR audit statement, why is required for CAs to pay for three seals? Maybe it is enough to hold WT4CA and WTEV. Even more, if

Re: Clarification about WebTrust BR and WebTrust EV audits

2014-11-07 Thread Kathleen Wilson
On 11/7/14, 2:07 AM, Chema López wrote: If the WebTrust EV audit criteria includes the Baseline Requirements audit criteria and, In other words, the WebTrust EV audit statement will also suffice as the WebTrust BR audit statement, why is required for CAs to pay for three seals? Maybe it is

Re: Clarification about WebTrust BR and WebTrust EV audits

2014-11-07 Thread Ryan Sleevi
On Fri, November 7, 2014 1:26 pm, Kathleen Wilson wrote: On 11/7/14, 2:07 AM, Chema López wrote: If the WebTrust EV audit criteria includes the Baseline Requirements audit criteria and, In other words, the WebTrust EV audit statement will also suffice as the WebTrust BR audit

Clarification about WebTrust BR and WebTrust EV audits

2014-11-06 Thread Kathleen Wilson
The CAB Forum's EV guidelines include the Baseline Requirements. Likewise, the WebTrust EV audit criteria includes the Baseline Requirements audit criteria. So, I have been asked to make the following clarification. In

Re: Clarification about WebTrust BR and WebTrust EV audits

2014-11-06 Thread Jeremy . Rowley
This list is missing a security audit. I'd recommend the a network security audit (or something else) that provides some assurance of network security. Since the BRs are explicitly referenced by the EV Guidelines (and incorporated therein), why not require a BR audit plus EV for an EV

Re: Clarification about WebTrust BR and WebTrust EV audits

2014-11-06 Thread David E. Ross
On 11/6/2014 1:50 PM, Kathleen Wilson wrote: The CAB Forum's EV guidelines include the Baseline Requirements. Likewise, the WebTrust EV audit criteria includes the Baseline Requirements audit criteria. So, I have been asked to make the following clarification. In