(Writing with an individual hat)
I would like to suggest that consideration be given to rejecting future
audits from TUVIT and from that of Matthias Wiedenhorst and Dr. Anja
Widermann, for some period of time. I would suggest this period be at least
one year long; however, given the technical
On Tue, Oct 30, 2018 at 11:59 AM Kurt Roeckx via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
> On 2018-10-30 16:20, Ryan Sleevi wrote:
> > Given that the Supervisory Body and National Accreditation bodies exist
> to
> > protect the legal value of this scheme, the failure
Thanks for good overview.
I'd like to add some more.
Actually the most questionalble part of the chain is so called Supervisory
bodies.
Of course, root programs do not rely on SB assessment, but under eIDAS they are
authorised to audit TSPs and then publish National trust lists (as Scheme
On 2018-10-30 16:20, Ryan Sleevi wrote:
Given that the Supervisory Body and National Accreditation bodies exist to
protect the legal value of this scheme, the failure by TUVIT to uphold the
safety and security of the eIDAS regime represents an ongoing threat to the
ecosystem.
Do we have a way
Bonjour,
Le mardi 30 octobre 2018 16:20:31 UTC+1, Ryan Sleevi a écrit :
> (Writing with an individual hat)
>
> I would like to suggest that consideration be given to rejecting future
> audits from TUVIT and from that of Matthias Wiedenhorst and Dr. Anja
> Widermann, for some period of time. I
Le mardi 30 octobre 2018 17:29:14 UTC+1, Ryan Sleevi a écrit :
[...]
> Note that if either the TSP is suspended of their certification or
> withdrawn, no notification will be made to relying parties. The closest
> that it comes is that if they're accredited according to EN 319 411-2
> (Qualified
On Tue, Oct 30, 2018 at 1:10 PM Erwann Abalea via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
> In fact, for the Relying Party, these certificates are definitely
> considered as Qualified certificates for website authentication, regardless
> of the content of the
Le mardi 30 octobre 2018 18:28:50 UTC+1, Ryan Sleevi a écrit :
> On Tue, Oct 30, 2018 at 1:10 PM Erwann Abalea via dev-security-policy <
> dev-security-policy@lists.mozilla.org> wrote:
>
> > In fact, for the Relying Party, these certificates are definitely
> > considered as Qualified certificates
Le mardi 30 octobre 2018 18:30:11 UTC+1, Moudrick M. Dadashov a écrit :
> Thanks for good overview.
> I'd like to add some more.
> Actually the most questionalble part of the chain is so called Supervisory
> bodies.
> Of course, root programs do not rely on SB assessment, but under eIDAS they
>
Not seeing this on Google Groups :/
Le mar. 30 oct. 2018 à 18:28, Ryan Sleevi a écrit :
>
>
> On Tue, Oct 30, 2018 at 1:20 PM Erwann Abalea via dev-security-policy <
> dev-security-policy@lists.mozilla.org> wrote:
>
>> Le mardi 30 octobre 2018 17:29:14 UTC+1, Ryan Sleevi a écrit :
>> [...]
>> >
On Tue, Oct 30, 2018 at 5:08 PM Erwann Abalea wrote:
> Not seeing this on Google Groups :/
>
> Le mar. 30 oct. 2018 à 18:28, Ryan Sleevi a
> écrit :
>
>>
>>
>> On Tue, Oct 30, 2018 at 1:20 PM Erwann Abalea via dev-security-policy <
>> dev-security-policy@lists.mozilla.org> wrote:
>>
>>> Le
Le mardi 30 octobre 2018 22:23:10 UTC+1, Ryan Sleevi a écrit :
> On Tue, Oct 30, 2018 at 4:37 PM Erwann Abalea via dev-security-policy <
> dev-security-policy@lists.mozilla.org> wrote:
>
> > > On what basis do you believe this claim is to be made? By virtue of
> > > asserting qcStatement-1? If
On Tue, Oct 30, 2018 at 4:37 PM Erwann Abalea via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
> > On what basis do you believe this claim is to be made? By virtue of
> > asserting qcStatement-1? If qcStatement was mis-encoded, or qcStatement-1
> > was absent, do you
13 matches
Mail list logo