All, I previously updated section 11 of the draft of version 2.3 of Mozilla's CA Certificate Inclusion Policy to reflect the new ETSI numbers.
Please see section 11 of http://mozilla.github.io/ca-policy/InclusionPolicy.html and https://wiki.mozilla.org/CA:CertificatePolicyV2.3#Changes_Made_to_DRAFT_Version_2.3 However, there appears to be some differences in the name and number of the ETSI criteria. My understanding is that ETSI TS 119 411 and ETSI EN 319 411 are equivalent. But CAs in some EU member states are required to use ETSI EN 319 411 instead of ETSI TS 119 411 (the ETSI standard). So, should I update the bullet points as follows, to add '(or ETSI EN 319 411-...)'? Or should I add two separate bullet points for ETSI EN 319 411-1 and ETSI EN 319 411-2? ~~ - Clause 6 "Trust Service Providers practice" in ETSI TS 119 411-1 *(or ETSI EN 319 411-1)* V1.0.1 or later version Policy and security requirements for Trust Service Providers issuing certificates; Part 1: General requirements (as applicable to the "EVCP" and "EVCP+" certificate policies, DVCP and OVCP certificate policies for publicly trusted certificates - baseline requirements and any of the and any of the "NCP", "NCP+", or "LCP" certificate policies); - Clause 6 "Trust Service Providers practice" in ETSI TS 119 411-2 *(or ETSI EN 319 411-2)* V2.0.7 or later version Policy and security requirements for Trust Service Providers issuing certificates; Part 2: Requirements for trust service providers issuing EU qualified certificates (only applicable to electronic signature certificate issuance; applicable to either "QCP-l" or "QCP-l-qscd" or "QCP-n" or ''QCP-n-qscd'' or ''QCP-w). ~~ I apologize for my delay in updating Mozilla's CA Certificate Policy. In the meantime, I will treat the changes in the draft version (http://mozilla.github.io/ca-policy/) as accepted. For instance, I will accept the new ETSI audit criteria even though it is only in the draft of version 2.3 of the policy. Thanks, Kathleen _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
