After consulting with representatives from WebTrust and ETSI, I propose that we update the minimum required versions of audit criteria in section 3.1.1 as follows:
- WebTrust "Principles and Criteria for Certification Authorities - Extended Validation SSL" from 1.4.5 to 1.6.0 or later - “Trust Service Providers practice” in ETSI EN 319 411-1 from 1.1.1 to 1.2 or later - “Trust Service Providers practice” in ETSI EN 319 411-2 from 2.1.1 to 2.2 or later These newer versions were all published last year and should be the minimum for audits completed from now on. Please respond with any concerns you have about this update to our root store policy. - Wayne _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy