On Thu, Apr 7, 2022 at 5:03 PM Moudrick M. Dadashov <[email protected]> wrote:
> "*Conformity assessment can *help*, sure, but it's *not* a replacement.*" > > Sorry, I don’t know where this replacement comes from... > Put differently: It is not correct to view WebTrust as conformity assessment. Does that make it easier? > "*So no, it's a non-goal to focus on CABs and accreditation bodies, as > they are not the "two major players*"." > > The reason why these bodies are major players is obvious: accreditation is > the only process how CABs become CABs (and maintain their status) and > certification is the only process that enable CAs to participate in the > Root inclusion program. > Right, I think we're still talking past eachother. Certification is one of *two* ways in which CAs can participate in the Root Inclusion Program. Certification / Accreditation, as a model, *only* apply to the ETSI framework. They do not apply to the WebTrust framework. It is not correct to treat WebTrust as a certification scheme or a conformity assessment scheme. Does that make it clearer? -- You received this message because you are subscribed to the Google Groups "[email protected]" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/CAErg%3DHHTJkZg18TFvmdFYgMuoYZyjwhSb04BDBVbMgCqv1tjnw%40mail.gmail.com.
