I believe that all of the concerns related to this request for inclusion of
the OISTE WISeKey Global Root GC CA have been addressed. I am now closing
this discussion with a recommendation to approve this request. Any further
comments should be added directly to the bug [1].
- Wayne
[1]
Having received the audit reports covering the period from the creation of
this root, I would like to resume this discussion. Please post any
remaining comments that you have on this inclusion request by next Friday,
10-August.
- Wayne
On Tue, Jul 31, 2018 at 2:47 AM Pedro Fuentes via
Hello,
please note that if you didn't check this already, the above links only work
now from the WISeKey website. You can access to the seals from the footer at
any page at wisekey.com or you can use these direct links:
Webtrust for CA:
Hello,
we successfully completed the new audits. As requested, we modified the audit
period to ensure that there aren't gaps since the creation date of the new Root.
The Webtrust seals are available here:
Webtrust for CA:
https://www.cpacanada.ca/webtrustseal?sealid=10026
Webtrust SSL BR:
El martes, 26 de junio de 2018, 23:11:08 (UTC+2), Wayne Thayer escribió:
> On Tue, Jun 26, 2018 at 1:53 PM Pedro Fuentes via dev-security-policy <
> dev-security-policy@lists.mozilla.org> wrote:
>
> > El martes, 26 de junio de 2018, 22:36:23 (UTC+2), Ryan Sleevi escribió:
> >
> > Hopefully the
On Tue, Jun 26, 2018 at 1:53 PM Pedro Fuentes via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
> El martes, 26 de junio de 2018, 22:36:23 (UTC+2), Ryan Sleevi escribió:
>
> Hopefully the audit report will be just as boringly positive as usual... :)
>
> I'll come back then
El martes, 26 de junio de 2018, 22:36:23 (UTC+2), Ryan Sleevi escribió:
>
> To be fair, you can align those periods by having one report prepared for 9
> May 2017 to your current audit period, and then include GC in with your
> normal audit - without having to alter your period. It allows you to
On Tue, Jun 26, 2018 at 4:29 PM, Pedro Fuentes via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
> Hi Ryan,
> My comments below.
>
> El martes, 26 de junio de 2018, 21:12:44 (UTC+2), Ryan Sleevi escribió:
> >
> > I just want to make sure - the plan is to provide a Period of
Hi Ryan,
My comments below.
El martes, 26 de junio de 2018, 21:12:44 (UTC+2), Ryan Sleevi escribió:
>
> I just want to make sure - the plan is to provide a Period of Time report
> from when the key was created to 1 year after (i.e. 9 May 2017 to 8 May
> 2018)?
> If so, that definitely closes
On Mon, Jun 25, 2018 at 5:12 PM, Pedro Fuentes via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
> 3.- The key ceremony of this Root was witnessed by the same auditors. I
> would say that the mere fact that an auditor issues a point in time WT BR
> report implies undoubtedly
I hope you realize that these discussions were happening well after we started
the inclusion request in Bugzilla, and I can't even see how what we did wasn't
compliant with BR 8.1, even with the current wording.
Nevertheless, can we at least agree that our plan to advance the start of the
On Mon, Jun 25, 2018 at 2:45 PM Ryan Sleevi via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
> On Mon, Jun 25, 2018 at 5:12 PM, Pedro Fuentes via dev-security-policy <
> dev-security-policy@lists.mozilla.org> wrote:
>
> 7. In my humble opinion, I think that these
On Mon, Jun 25, 2018 at 5:12 PM, Pedro Fuentes via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
> Hi Ryan,
> thanks for your time reviewing this. I really appreciate your comments.
>
> As I have this week the auditors in the office, I prefer to check with
> them before
Hi Ryan,
thanks for your time reviewing this. I really appreciate your comments.
As I have this week the auditors in the office, I prefer to check with them
before issuing a more formal answer, because you're expressing concerns related
to the audit practices that I'm not qualified enough to
Hi Pedro,
I followed-up with folks to better understand the circumstances of your
audits and the existing practicioner guidance. From these conversations, my
understanding is that WebTrust is working to provide better practicioner
clarity around these scenarios.
To recap, the particular scenario
Hello,
Sorry for my insistence, but our audit is scheduled in less than two weeks.
I'd appreciate some feedback in the case there's any deviation with BR-8.1 that
prevent keeping the planned audit scope.
Thanks!
Pedro
El martes, 5 de junio de 2018, 9:02:42 (UTC+2), Ryan Sleevi escribió:
> Hi
Hi Pedro,
I think the previous replies tried to indicate that I will not be available
to review your feedback at all this week.
On Mon, Jun 4, 2018 at 9:18 AM, Pedro Fuentes via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
> Kind reminder.
> Thanks!
>
>
Kind reminder.
Thanks!
___
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy
Dear all,
As a reminder... WISeKey has three Roots "GA" (Generation A), GB and GC. GA and
GB are already included and covered by annual audits. GC is the new one, only
included by now by Microsoft.
I got some inputs from the auditors, that I add here:
"For the next annual audit, covering the
Pedro,
Thanks for the quick and detailed replies! A few responses inline.
On Thu, May 24, 2018 at 8:19 AM, Pedro Fuentes via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
>
> > * 1.5.4 requires a full meeting of the CAA to convene for updates, which
> > may make it
Dear all,
please find bellow our responses to the "Meh" and "Bad" issues raised by Ryan.
In respect to the points related to our auditors, we got their feedback and
we're inserting also their responses here.
Some of the points implied a change in the CPS, which is going to be published
in less
Thanks Wayne and Ryan, your feedback always helps us to improve.
I'll respond in a separate message to Ryan concerns/questions.
Only about the audit periods... it's not easy to synchronize everything, so
what we did is the following:
- A point-in-time audit after the Root was created
- A
On Tue, May 22, 2018 at 12:11 PM Ryan Sleevi wrote:
> Overall, I think this would be good to proceed, but there's certain
> discrepancies called out under Questions that I think should be resolved
> before doing so. I would suggest contacting WISeKey for follow-up on these,
>
Thanks for the reminder, Wayne.
I've reviewed the CPS and Audit Reports and have the following comments. I
will note that, due to having already had someone else look at it, I only
focused on information validation related to domains and IPs, and did not
examine the policies around OV and EV, as
Reminder: there is one week left in the discussion period for this
inclusion request.
On Tue, May 1, 2018 at 12:02 PM Wayne Thayer wrote:
> This request is for inclusion of the OISTE WISeKey Global Root GC CA as
> documented in the following bug:
>
This request is for inclusion of the OISTE WISeKey Global Root GC CA as
documented in the following bug:
https://bugzilla.mozilla.org/show_bug.cgi?id=1403591
* BR Self Assessment is here:
https://bugzilla.mozilla.org/attachment.cgi?id=8912732
* Summary of Information Gathered and Verified:
26 matches
Mail list logo