There has been a lot of confusion about the transition to the new standards, and I believe that this change makes it clearer that Mozilla no longer accepts audits based on the older ETSI standards.
On Tue, Mar 27, 2018 at 4:28 AM, Julian Inza via dev-security-policy < dev-security-policy@lists.mozilla.org> wrote: > European Conformity Assessment Bodies are nowadays issuing Audit > Certificates aligned with EN 319 401, EN 319-411-1 and EN 319 411-2 > standards. > > There is no need to explicitly deny validity to previous standars, because > as Jakob states, they can reflect the chain of audits. > > In fact, TS 102 042 and TS 101 456 are basically the same standards, but > instead of changing only the version number, ETSI opted to renew the full > reference code, more in the approach of IETF for RFCs. > > The Mozilla rule also is aligned with CAB Forum Baseline Requirements for > the Issuance and Management of Publicly-Trusted Certificates and Extended > Validation SSL Certificate Guidelines, and any change to those documents > would need a ballot. > > This is the kind of confusion that I hope to avoid. Mozilla policy is not aligned with the BRs now that Mozilla does not accept TS 102 042 and TS 101 456 audits. Regards, > > Julian Inza > > > _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy