ch policies apply.
>>
>> Based on the feedback so far, none of these options is desirable. I
> propose that we only make the change to section 5.3.2 of the Mozilla policy
> that clarifies the audit requirements for new subCA certificates, as
> follows:
>
> If the subord
rable. I
propose that we only make the change to section 5.3.2 of the Mozilla policy
that clarifies the audit requirements for new subCA certificates, as
follows:
If the subordinate CA has a currently valid audit report at the time of
> creation of the certificate, it MUST appear on the subordinat
[mailto:wtha...@mozilla.com]
> *Sent:* Thursday, April 5, 2018 1:56 PM
> *To:* Ben Wilson <ben.wil...@digicert.com>
> *Cc:* Dimitris Zacharopoulos <ji...@it.auth.gr>; r...@sleevi.com;
> mozilla-dev-security-policy <mozilla-dev-security-pol...@lists.mozilla.org
> >
I've gone ahead and removed references to ETSI TS 101 456 and TS 102 042
from the 2.6 branch of the policy:
https://github.com/mozilla/pkipolicy/commit/49a07119a1fd5c887d4b506f60e210fad941b26a
- Wayne
On Tue, Mar 27, 2018 at 12:44 PM, Wayne Thayer wrote:
> There has been
om;
mozilla-dev-security-policy <mozilla-dev-security-pol...@lists.mozilla.org>
Subject: Re: Policy 2.6 Proposal: Audit requirements for new subCA certificates
On Thu, Apr 5, 2018 at 12:05 PM, Ben Wilson <ben.wil...@digicert.com
<mailto:ben.wil...@digicert.com> > wrote:
If I c
Zacharopoulos via dev-security-policy
Sent: Thursday, April 5, 2018 12:56 PM
To: r...@sleevi.com
Cc: mozilla-dev-security-policy
<mozilla-dev-security-pol...@lists.mozilla.org>; Wayne Thayer
<wtha...@mozilla.com>
Subject: Re: Policy 2.6 Proposal: Audit requirements for new subCA certificates
O
[1] we decided to clarify the audit requirements
for
new subordinate CA certificates. I’ve drafted a change that requires the
new certificate to appear in the next periodic audits and in the CP/CPS
prior to issuance:
https://github.com/mozilla/pkipolicy/commit/09867ef4a0db3b1c
ab162930c0326c84d272ec
On Thu, Apr 5, 2018 at 5:20 AM, Dimitris Zacharopoulos via
dev-security-policy <dev-security-policy@lists.mozilla.org> wrote:
> On 5/4/2018 12:02 AM, Wayne Thayer via dev-security-policy wrote:
>
>> In a recent discussion [1] we decided to clarify the audit requirements
>>
In a recent discussion [1] we decided to clarify the audit requirements for
new subordinate CA certificates. I’ve drafted a change that requires the
new certificate to appear in the next periodic audits and in the CP/CPS
prior to issuance:
https://github.com/mozilla/pkipolicy/commit
There has been a lot of confusion about the transition to the new
standards, and I believe that this change makes it clearer that Mozilla no
longer accepts audits based on the older ETSI standards.
On Tue, Mar 27, 2018 at 4:28 AM, Julian Inza via dev-security-policy <
I support this change. Previously accepted audits are covered by previously
accepted policies, so there's no issue since there should be no new audits
going forward using these criteria, much in the same way all new, valid
WebTrust audits are using the new criteria.
On Mon, Mar 26, 2018 at 4:41
European Conformity Assessment Bodies are nowadays issuing Audit Certificates
aligned with EN 319 401, EN 319-411-1 and EN 319 411-2 standards.
There is no need to explicitly deny validity to previous standards, because as
Jakob states, they can reflect the chain of audits.
In fact, TS 102 042
On 26/03/2018 22:41, Wayne Thayer wrote:
Mozilla policy section 3.1.2.2 states:
ETSI TS 102 042 and TS 101 456 audits are only acceptable for audit periods
ending in July 2017 or earlier.
Now that we are past this deadline, I propose that we remove all references
to ETSI TS 102 042 and 101
Mozilla policy section 3.1.2.2 states:
ETSI TS 102 042 and TS 101 456 audits are only acceptable for audit periods
> ending in July 2017 or earlier.
>
Now that we are past this deadline, I propose that we remove all references
to ETSI TS 102 042 and 101 456 from the policy.
This is:
with issuing policies, profiles, and technical requirements.
>
> Of course the ETSI report, or its Annex, also includes the whole list of the
> subordinates too.
>
> Also, Microsoft doesn't accept audit reports without the subordinate list,
> so it's mandatory nowadays.
>
>
ng subcas are checked against the compliance
> with issuing policies, profiles, and technical requirements.
>
> Of course the ETSI report, or its Annex, also includes the whole list of the
> subordinates too.
>
> Also, Microsoft doesn't accept audit reports without the su
Annex also includes the whole list of the
subordinates too.
Also, Microsoft doesn't accept audit reports without the subordinate list,
so it's mandatory nowadays.
I think what is important is to add the 319411-1 and -2 to the actual acceptable
audit requirements, because the MS ask
that a CP-to-CPS analysis was conducted along with annual
core requirements. WebTrust has recognized this additional requirement as part
of their Certification Compliance Matrix.
If anyone is interested, FPKI Compliance Audit Requirements can be found here
https://www.idmanagement.gov/IDM/s
curity-pol...@lists.mozilla.org
Subject: Re: Audit requirements
On Fri, Sep 23, 2016 at 5:29 AM, Kurt Roeckx <k...@roeckx.be> wrote:
> On 2016-09-23 00:57, Peter Bowen wrote:
>>
>> Kathleen, Gerv, Richard and m.d.s.p,
>>
>> In reviewing the WebTrust audit documentat
On Fri, Sep 23, 2016 at 5:29 AM, Kurt Roeckx wrote:
> On 2016-09-23 00:57, Peter Bowen wrote:
>>
>> Kathleen, Gerv, Richard and m.d.s.p,
>>
>> In reviewing the WebTrust audit documentation submitted by various CA
>> program members and organizations wishing to be members, it seems
On 23/09/2016 14:29, Kurt Roeckx wrote:
On 2016-09-23 00:57, Peter Bowen wrote:
Kathleen, Gerv, Richard and m.d.s.p,
In reviewing the WebTrust audit documentation submitted by various CA
program members and organizations wishing to be members, it seems
there is possibly some confusion on what
Kathleen, Gerv, Richard and m.d.s.p,
In reviewing the WebTrust audit documentation submitted by various CA
program members and organizations wishing to be members, it seems
there is possibly some confusion on what is required by Mozilla. I
suspect this might also span to ETSI audit