you suggest for Mozilla.
Best regards
Clemens
On Friday, 6 November 2020 at 20:35:40 UTC+1, Ryan Sleevi wrote:
> On Fri, Nov 6, 2020 at 12:00 PM Clemens Wanko via dev-security-policy <
> dev-secur...@lists.mozilla.org> wrote:
>
> > Hi Ryan, hi all,
> &
Hi Ben,
in order to avoid for every single audit the compilation work for the auditor
(in person) on his qualification, independence, etc. as well as the need to
crosscheck the statements he made, that was covered for the EU ETSI/eIDAS
scheme by the accreditation of the body (organization;
Hi Ryan, hi all,
three things to comment on that:
1. How is the EU ETSI audit scheme thought and what is it intended to
provide to Mozilla and the CA/Browser ecosystem?
The European scheme of technical standards for CA/TSP developed by ETSI was
made and is constantly adopted to integrate
Hi Ben,
looking at what was suggested so far for section 3.2, it seems that the BR
combine and summarize under "qualified" in the BR section 8.2 what you and
Kathleen describe with the definitions for "competent" and "independent"
parties.
Based upon that, MRSP section 3.2 could be structured
Hi Ben,
that works fine for me from the ETSI auditors perspective.
REM: The ETSI Audit Attestation template requires the auditor to include a full
list of Bugzilla compliance bugs – resolved or unresolved – which are relevant
for the past audit period.
Best regards
Clemens
5 matches
Mail list logo