[cabfpub] Ballot 107 - Removing version numbers to WebTrust and ETSI standards from CABF Guidelines (EVG and BR)

Ben Wilson ben at digicert.com
Tue Jul 30 15:59:01 UTC 2013


We could, but we might want to rewrite the paragraph and explain it more.
The reason for being more specific here is to reference ETSI or WebTrust
with the past version relied upon.  When the auditors come out with their
new version, then we'll re-sync with the next delta of the guideline (rather
than publishing errata as we used to do).  I'm trying to address the fact
that whenever this topic comes up during our meetings people say that we
aren't clear enough with how to bridge between guidelines and audit
criteria.  If someone can re-write the paragraph before we start voting on
this ballot (COB Friday), then we can make that change.   

-----Original Message-----
From: public-bounces at cabforum.org [mailto:public-bounces at cabforum.org] On
Behalf Of i-barreira at izenpe.net
Sent: Tuesday, July 30, 2013 12:53 AM
To: ben at digicert.com; md at ssc.lt; sigbjorn at opera.com
Cc: public at cabforum.org
Subject: Re: [cabfpub] Ballot 107 - Removing version numbers to WebTrust
and ETSI standards from CABF Guidelines (EVG and BR)

I'm ok but I'd also change in the BR-ballot-107.pdf document, at the
beginning, in "implementers' note" the references to the versions that are
made regarding the WebTrust and ETSI docs.


Iñigo Barreira
Head of the Technical Area
i-barreira at izenpe.net
945067705



-----Original Message-----
From: public-bounces at cabforum.org [mailto:public-bounces at cabforum.org] On
Behalf Of Ben Wilson
Sent: Tuesday, July 30, 2013 2:03
To: 'Moudrick M. Dadashov'; 'Sigbjørn Vik'
Cc: public at cabforum.org
Subject: Re: [cabfpub] Ballot 107 - Removing version numbers to WebTrust
and ETSI standards from CABF Guidelines (EVG and BR)

In this ballot I think we were moving away from supplying URLs, and while we
could put in generic references to where to go (e.g.
"http://www.etsi.org/standards" or "http://www.webtrust.org"), I think most
people will be able to track down the most current versions through Internet
search.  In response to Sigi's comment, what if we put the following
parenthetical just below BR 3.0 References -- "(Please refer to the latest
official version of these publications.)"?  I also don't want to say we
always require the most current version--it depends on the group publishing
the reference.  For instance, a cryptomodule certified using FIPS 140-2 is
not obsoleted simply because 140-3 is adopted.  (I'm proposing that along
with the other changes being made that "-2" and "May 25, 2001" be removed
from the FIPS 140 reference.)  There are a few additional changes in the
attached PDFs that differ slightly from the wording in the ballot that was
sent out.  If these redlines are acceptable to the sponsor/endorsers, then
we can make the changes on the wiki accordingly.

-----Original Message-----
From: public-bounces at cabforum.org [mailto:public-bounces at cabforum.org] On
Behalf Of Moudrick M. Dadashov
Sent: Saturday, July 27, 2013 7:47 AM
To: Sigbjørn Vik
Cc: public at cabforum.org
Subject: Re: [cabfpub] Ballot 107 - Removing version numbers to WebTrust and
ETSI standards from CABF Guidelines (EVG and BR)

On 7/27/2013 4:08 PM, Sigbjørn Vik wrote:
> On 27-Jul-13 01:28, Ben Wilson wrote:
>> Ballot 107 - Removing version numbers to WebTrust and ETSI standards 
>> from CABF Guidelines (EVG and BR)
>>
>> Mads Henriksveen made the following motion, and Iñigo Barreira from 
>> Izenpe, and Kirk Hall from Trend Micro endorsed it:
> I am in favor of clarifying the text, and minimizing any maintenance 
> needs. Do we need to specify somewhere that whenever we reference 
> another document, we reference the latest version?
>
> E.g. the following:
>> The CA SHALL undergo an audit in accordance with one of the following
>> schemes:
>> 1. WebTrust Program for Certification Authorities audit;
> [...]
> Could easily be read as any version will suffice.
>
> An introduction in the references section explaining that we always 
> refer to the latest official version would presumably cover this.
>
Good point, Sigbjørn, or at least indicate URLs where the current versions
can be found.

Thanks,
M.D.
_______________________________________________
Public mailing list
Public at cabforum.org
https://cabforum.org/mailman/listinfo/public