Re: OISTE WISeKey Global Root GC CA Root Inclusion Request

I believe that all of the concerns related to this request for inclusion of the OISTE WISeKey Global Root GC CA have been addressed. I am now closing this discussion with a recommendation to approve this request. Any further comments should be added directly to the bug [1]. - Wayne [1]

Re: OISTE WISeKey Global Root GC CA Root Inclusion Request

Having received the audit reports covering the period from the creation of this root, I would like to resume this discussion. Please post any remaining comments that you have on this inclusion request by next Friday, 10-August. - Wayne On Tue, Jul 31, 2018 at 2:47 AM Pedro Fuentes via

Re: OISTE WISeKey Global Root GC CA Root Inclusion Request

Hello, please note that if you didn't check this already, the above links only work now from the WISeKey website. You can access to the seals from the footer at any page at wisekey.com or you can use these direct links: Webtrust for CA:

Re: OISTE WISeKey Global Root GC CA Root Inclusion Request

Hello, we successfully completed the new audits. As requested, we modified the audit period to ensure that there aren't gaps since the creation date of the new Root. The Webtrust seals are available here: Webtrust for CA: https://www.cpacanada.ca/webtrustseal?sealid=10026 Webtrust SSL BR:

Re: OISTE WISeKey Global Root GC CA Root Inclusion Request

El martes, 26 de junio de 2018, 23:11:08 (UTC+2), Wayne Thayer escribió: > On Tue, Jun 26, 2018 at 1:53 PM Pedro Fuentes via dev-security-policy < > dev-security-policy@lists.mozilla.org> wrote: > > > El martes, 26 de junio de 2018, 22:36:23 (UTC+2), Ryan Sleevi escribió: > > > > Hopefully the

Re: OISTE WISeKey Global Root GC CA Root Inclusion Request

On Tue, Jun 26, 2018 at 1:53 PM Pedro Fuentes via dev-security-policy < dev-security-policy@lists.mozilla.org> wrote: > El martes, 26 de junio de 2018, 22:36:23 (UTC+2), Ryan Sleevi escribió: > > Hopefully the audit report will be just as boringly positive as usual... :) > > I'll come back then

Re: OISTE WISeKey Global Root GC CA Root Inclusion Request

El martes, 26 de junio de 2018, 22:36:23 (UTC+2), Ryan Sleevi escribió: > > To be fair, you can align those periods by having one report prepared for 9 > May 2017 to your current audit period, and then include GC in with your > normal audit - without having to alter your period. It allows you to

Re: OISTE WISeKey Global Root GC CA Root Inclusion Request

On Tue, Jun 26, 2018 at 4:29 PM, Pedro Fuentes via dev-security-policy < dev-security-policy@lists.mozilla.org> wrote: > Hi Ryan, > My comments below. > > El martes, 26 de junio de 2018, 21:12:44 (UTC+2), Ryan Sleevi escribió: > > > > I just want to make sure - the plan is to provide a Period of

Re: OISTE WISeKey Global Root GC CA Root Inclusion Request

Hi Ryan, My comments below. El martes, 26 de junio de 2018, 21:12:44 (UTC+2), Ryan Sleevi escribió: > > I just want to make sure - the plan is to provide a Period of Time report > from when the key was created to 1 year after (i.e. 9 May 2017 to 8 May > 2018)? > If so, that definitely closes

Re: OISTE WISeKey Global Root GC CA Root Inclusion Request

On Mon, Jun 25, 2018 at 5:12 PM, Pedro Fuentes via dev-security-policy < dev-security-policy@lists.mozilla.org> wrote: > 3.- The key ceremony of this Root was witnessed by the same auditors. I > would say that the mere fact that an auditor issues a point in time WT BR > report implies undoubtedly

Re: OISTE WISeKey Global Root GC CA Root Inclusion Request

I hope you realize that these discussions were happening well after we started the inclusion request in Bugzilla, and I can't even see how what we did wasn't compliant with BR 8.1, even with the current wording. Nevertheless, can we at least agree that our plan to advance the start of the

Re: OISTE WISeKey Global Root GC CA Root Inclusion Request

On Mon, Jun 25, 2018 at 2:45 PM Ryan Sleevi via dev-security-policy < dev-security-policy@lists.mozilla.org> wrote: > On Mon, Jun 25, 2018 at 5:12 PM, Pedro Fuentes via dev-security-policy < > dev-security-policy@lists.mozilla.org> wrote: > > 7. In my humble opinion, I think that these

Re: OISTE WISeKey Global Root GC CA Root Inclusion Request

On Mon, Jun 25, 2018 at 5:12 PM, Pedro Fuentes via dev-security-policy < dev-security-policy@lists.mozilla.org> wrote: > Hi Ryan, > thanks for your time reviewing this. I really appreciate your comments. > > As I have this week the auditors in the office, I prefer to check with > them before

Re: OISTE WISeKey Global Root GC CA Root Inclusion Request

Hi Ryan, thanks for your time reviewing this. I really appreciate your comments. As I have this week the auditors in the office, I prefer to check with them before issuing a more formal answer, because you're expressing concerns related to the audit practices that I'm not qualified enough to

Re: OISTE WISeKey Global Root GC CA Root Inclusion Request

Hi Pedro, I followed-up with folks to better understand the circumstances of your audits and the existing practicioner guidance. From these conversations, my understanding is that WebTrust is working to provide better practicioner clarity around these scenarios. To recap, the particular scenario

Re: OISTE WISeKey Global Root GC CA Root Inclusion Request

Hello, Sorry for my insistence, but our audit is scheduled in less than two weeks. I'd appreciate some feedback in the case there's any deviation with BR-8.1 that prevent keeping the planned audit scope. Thanks! Pedro El martes, 5 de junio de 2018, 9:02:42 (UTC+2), Ryan Sleevi escribió: > Hi

Re: OISTE WISeKey Global Root GC CA Root Inclusion Request

Hi Pedro, I think the previous replies tried to indicate that I will not be available to review your feedback at all this week. On Mon, Jun 4, 2018 at 9:18 AM, Pedro Fuentes via dev-security-policy < dev-security-policy@lists.mozilla.org> wrote: > Kind reminder. > Thanks! > >

Re: OISTE WISeKey Global Root GC CA Root Inclusion Request

Kind reminder. Thanks! ___ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy

Re: OISTE WISeKey Global Root GC CA Root Inclusion Request

Dear all, As a reminder... WISeKey has three Roots "GA" (Generation A), GB and GC. GA and GB are already included and covered by annual audits. GC is the new one, only included by now by Microsoft. I got some inputs from the auditors, that I add here: "For the next annual audit, covering the

Re: OISTE WISeKey Global Root GC CA Root Inclusion Request

Pedro, Thanks for the quick and detailed replies! A few responses inline. On Thu, May 24, 2018 at 8:19 AM, Pedro Fuentes via dev-security-policy < dev-security-policy@lists.mozilla.org> wrote: > > > * 1.5.4 requires a full meeting of the CAA to convene for updates, which > > may make it

Re: OISTE WISeKey Global Root GC CA Root Inclusion Request

Dear all, please find bellow our responses to the "Meh" and "Bad" issues raised by Ryan. In respect to the points related to our auditors, we got their feedback and we're inserting also their responses here. Some of the points implied a change in the CPS, which is going to be published in less

Re: OISTE WISeKey Global Root GC CA Root Inclusion Request

Thanks Wayne and Ryan, your feedback always helps us to improve. I'll respond in a separate message to Ryan concerns/questions. Only about the audit periods... it's not easy to synchronize everything, so what we did is the following: - A point-in-time audit after the Root was created - A

Re: OISTE WISeKey Global Root GC CA Root Inclusion Request

On Tue, May 22, 2018 at 12:11 PM Ryan Sleevi wrote: > Overall, I think this would be good to proceed, but there's certain > discrepancies called out under Questions that I think should be resolved > before doing so. I would suggest contacting WISeKey for follow-up on these, >

Re: OISTE WISeKey Global Root GC CA Root Inclusion Request

Thanks for the reminder, Wayne. I've reviewed the CPS and Audit Reports and have the following comments. I will note that, due to having already had someone else look at it, I only focused on information validation related to domains and IPs, and did not examine the policies around OV and EV, as

Re: OISTE WISeKey Global Root GC CA Root Inclusion Request

Reminder: there is one week left in the discussion period for this inclusion request. On Tue, May 1, 2018 at 12:02 PM Wayne Thayer wrote: > This request is for inclusion of the OISTE WISeKey Global Root GC CA as > documented in the following bug: >

OISTE WISeKey Global Root GC CA Root Inclusion Request

This request is for inclusion of the OISTE WISeKey Global Root GC CA as documented in the following bug: https://bugzilla.mozilla.org/show_bug.cgi?id=1403591 * BR Self Assessment is here: https://bugzilla.mozilla.org/attachment.cgi?id=8912732 * Summary of Information Gathered and Verified: