Re: Policy 2.6 Proposal: Update Minimum Audit Versions

Thu, 10 May 2018 22:23:44 -0700 

Hello Peter,
These were very recently published however not everyone is tracking down ETSI updates by registering to the mailing lists. The main question is where can you find the authoritative document *list*? I though the official list is https://portal.etsi.org/TBSiteMap/ESI/TrustServiceProviders.aspx. 


Also, were there any other versions published before 1.2.2? The 
recommendation says "1.2 or later". Where are the versions 1.2.0, 1.2.1 
published?


Thanks,
Dimitris.

On 11/5/2018 8:13 πμ, Peter Miškovič via dev-security-policy wrote:

There were published a new versions of both ETSI standards:

ETSI EN 319 411-1 V1.2.2 adopted on April 23, 2018
http://www.etsi.org/deliver/etsi_en/319400_319499/31941101/01.02.02_60/en_31941101v010202p.pdf

ETSI EN 319 411-2 V2.2.2 adopted on April 23, 2018
http://www.etsi.org/deliver/etsi_en/319400_319499/31941102/02.02.02_60/en_31941102v020202p.pdf

Peter

-----Original Message-----
From: dev-security-policy 
<dev-security-policy-bounces+peter.miskovic=disig...@lists.mozilla.org> On 
Behalf Of Wayne Thayer via dev-security-policy
Sent: Thursday, May 10, 2018 5:04 PM
To: mozilla-dev-security-policy <mozilla-dev-security-pol...@lists.mozilla.org>
Subject: Policy 2.6 Proposal: Update Minimum Audit Versions

After consulting with representatives from WebTrust and ETSI, I propose that we 
update the minimum required versions of audit criteria in section
3.1.1 as follows:

- WebTrust "Principles and Criteria for Certification Authorities - Extended 
Validation SSL" from 1.4.5 to 1.6.0 or later
- “Trust Service Providers practice” in ETSI EN 319 411-1 from 1.1.1 to 1.2 or 
later
- “Trust Service Providers practice” in ETSI EN 319 411-2  from 2.1.1 to
2.2 or later

These newer versions were all published last year and should be the minimum for 
audits completed from now on.

Please respond with any concerns you have about this update to our root store 
policy.

- Wayne
_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy
_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy



_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy






















					Reply via email to