Re: Questions regarding the qualifications and competency of TUVIT

2018-10-30 Thread Moudrick M. Dadashov via dev-security-policy
Thanks for the good overview. I'd like to add some more. Actually the most questionable part of the chain is the so-called Supervisory bodies. Of course, root programs do not rely on SB assessment, but under eIDAS they are authorised to audit TSPs and then publish National trust lists (as Scheme

Re: Google OCSP service down

2018-01-22 Thread Moudrick M. Dadashov via dev-security-policy
Hi Wayne, This is how it's supposed to work under eIDAS: 1. Check the value of the QCStatement [1] of the certificate under problem (which is the location of PDS); 2. Open the PDS and check relevant contact info as in [2]. Thanks, M.D. [1] see 4.3.4 (QCStatement regarding location of PKI Disc

Re: ETSI audits not listing audit periods

2017-11-07 Thread Moudrick M. Dadashov via dev-security-policy
Thank you for the clarification. Do you think the terms "/approval scheme/", "/supervision scheme/", "/accreditation scheme/" etc. (used in some ETSI TSs or the Commission Decisions) have the same meaning and ETSI EN 319 403 is just one of the possible "/certification scheme/s"? Thanks, M.D. On 11

Re: ETSI audits not listing audit periods

2017-10-30 Thread Moudrick M. Dadashov via dev-security-policy
You might want to add one more: REGULATION (EC) No 765/2008 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 9 July 2008 setting out the requirements for accreditation and market surveillance relating to the marketing of products and repealing Regulation (EEC) No 339/93 see also eIDAS recit

Re: ETSI audits not listing audit periods

2017-10-30 Thread Moudrick M. Dadashov via dev-security-policy
FYI: see section 7.4.4 of ETSI EN 319 403, Electronic Signatures and Infrastructures (ESI); Trust Service Provider Conformity Assessment - Requirements for conformity assessment bodies assessing Trust Service Providers, http://www.etsi.org/deliver/etsi_en/319400_319499/319403/02.02.02_60/en_3

Re: Machine- and human-readable format for root store information?

2017-06-26 Thread Moudrick M. Dadashov via dev-security-policy
Hi Gerv, FYI: ETSI TS 119 612 V2.2.1 (2016-04), Electronic Signatures and Infrastructures (ESI); Trusted Lists http://www.etsi.org/deliver/etsi_ts/119600_119699/119612/02.02.01_60/ts_119612v020201p.pdf Thanks, M.D. On 6/26/2017 4:50 PM, Gervase Markham via dev-security-policy wrote: A few ro

Re: On remedies for CAs behaving badly

2017-06-05 Thread Moudrick M. Dadashov via dev-security-policy
+1 Thanks, M.D. On 6/5/2017 7:16 PM, Ryan Sleevi via dev-security-policy wrote: On Mon, Jun 5, 2017 at 11:52 AM, Matthew Hardeman via dev-security-policy < dev-security-policy@lists.mozilla.org> wrote: Has there ever been an effort by the root programs to directly assess monetary penalties to