The last change I am proposing for version 2.7 of the Mozilla Root Store policy is an update to the minimum versions of audit criteria that we will accept in audits. I have conferred with the WebTrust Task Force and was informed that we can update the minimum version requirements for audit statements received after December 2019 as follows:
WebTrust for CA – instead of v2.0 use v2.2 WebTrust for BL+NSR – instead of v2.2 use v2.4.1 WebTrust for EVSSL – instead of v1.6.0 use v1.6.8 I asked the same question to ETSI representatives and was told that the following changes are appropriate: ETSI EN 319 411-1 - instead of v1.1.1 use v1.2.2 ETSI EN 319 411-2 - instead of v2.1.1 use v2.2.2 I have made these changes at https://github.com/mozilla/pkipolicy/commit/f605b39ccd9d1000ecebbfc028ab99aafae73d33 (I also update the links in a later commit) This is https://github.com/mozilla/pkipolicy/issues/197 I will greatly appreciate everyone's feedback - especially from any CAs or auditors for which these changes may cause problems. - Wayne _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
