On 6/24/20 8:48 PM, Ryan Sleevi wrote:
On Wed, Jun 24, 2020 at 3:08 PM Kathleen Wilson via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
I have updated the following section of the wiki page to incorporate
feedback that I received from representatives of ACAB'c.
https://wiki.mozilla.org/CA/Audit_Statements#Verifying_ETSI_Auditor_Qualifications
I will greatly appreciate it if those of you familiar with ETSI audits
will review it and provide feedback.
<snip>
I would suggest that, for the time being, ACAB’c isn’t a shortcut. I
realize that means more work for Mozilla, and broadly for the industry, but
it might provide an opportunity for ACAB’c to focus on whether the goal is
to support eIDAS audit schemes and accreditation, or whether it is to
provide browsers equivalent confidence and focused collaboration in the way
the WebTrust TF had engaged in. That isn’t to suggest the auditors might
not also provide eIDAS audits, but it seems a real missed opportunity for
auditors to more proactively engage and ensure needs like Mozilla’s are met.
I have added the following sentence to the top of the Simplified Check
section:
IMPORTANT: At this time, this check may only be used as a preliminary
check, and the Standard Check must also be completed.
Thanks,
Kathleen
_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy
