[cabfpub] Next Published Version of Baseline Requirements

Ben Wilson ben at digicert.com
Mon Mar 18 21:38:36 UTC 2013 

All,

Here is the pre-publication draft of version 1.1.3 of the Baseline
Requirements as outlined in my previous emails.  Let's discuss on Thursday's
call.

Ben

 

From: Ben Wilson [mailto:ben at digicert.com] 
Sent: Monday, March 18, 2013 12:38 PM
To: 'public at cabforum.org'
Subject: RE: [cabfpub] Next Published Version of Baseline Requirements

 

All,

 

The WebTrust Task Force has helpful language in version 1.1, Audit Criteria
for Baseline Requirements, which I would like to re-purpose in one of the
title pages for version 1.1.3 of the BRs.  

 

What if we said?

 

Implementers' Note:  Version 1.1 of the SSL Baseline Requirements was
published on September 14, 2012.  Version 1.1 of WebTrust's SSL Baseline
Audit Criteria and ETSI Technical Standard Electronic Signatures and
Infrastructures (ESI) 102 042 version 2.3.1 incorporate version 1.1 of these
Baseline Requirements and are currently in effect.  See
http://www.webtrust.org/homepage-documents/item27839.aspx and
http://www.etsi.org/deliver/etsi_ts/102000_102099/102042/02.03.01_60/ts_1020
42v020301p.pdf.  The CA / Browser Forum continues to improve the Baseline
Requirements, and we encourage all CAs to conform to each revision on the
date specified without awaiting a corresponding update to an applicable
audit criterion.  In the event of a conflict between an existing audit
criterion and a guideline revision, we will communicate with the audit
community and attempt to resolve any uncertainty, and we will respond to
implementation questions directed to questions at cabforum.org.  Our
coordination with compliance auditors will continue as we develop guideline
revision cycles that harmonize with the revision cycles for audit criteria,
the compliance auditing periods and cycles of CAs, and the CA / B Forum's
guideline implementation dates. 

 

(Also, instead of creating a redline from version 1.0, it should be based on
BR 1.1 because I think that is what was used for ETSI TS 102 042 V2.3.1 (and
certainly for v.1.1 of WebTrust for the BRs) and from my review, the changes
do not make comparison for compliance purposes that difficult.)

 

Ben  

 

From: public-bounces at cabforum.org [mailto:public-bounces at cabforum.org] On
Behalf Of Ben Wilson
Sent: Friday, March 15, 2013 6:14 PM
To: public at cabforum.org
Subject: [cabfpub] Next Published Version of Baseline Requirements

 

All,

 

In response to Gerv's email of 28-Jan-2013 ("[cabfpub] CAB Forum Document
Versioning"), and changes related to Ballots 71, 93, 96, and 97, I am
preparing a proposed version 1.1.3 of the Baseline Requirements - see
attached "Document History" table.  Also, to address other comments on that
same "Versioning" thread, and also to address BR Issue 33 - Title Pages -
"No single place to view effective dates", I've created a table of
compliance dates.   Please review both tables on the attached page.  

 

To further address comments about ongoing improvements to the Baseline
Requirements, I have two more suggestions:  (1) we have room for text on
this page that could explain a little about how to comply with post-v.1.0
versions of the BRs, assuming CAs are audited under WebTrust for CAs- SSL
Baseline Requirements Audit Criteria, V1.0, or ETSI TS 102 042 V2.3.1; and
(2) it will be relatively easy to create a redlined PDF that compares BR v.
1.1.3 to BR v. 1.0, so that anyone looking at a WebTrust or ETSI audit can
determine whether any post-BR v1.0 changes are relevant to their
consideration.

 

Ben

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/public/attachments/20130318/4f615d9d/attachment-0003.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: BRv.1.1.3-redlined.pdf
Type: application/pdf
Size: 245264 bytes
Desc: not available
URL: <http://lists.cabforum.org/pipermail/public/attachments/20130318/4f615d9d/attachment-0006.pdf>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: BRv.1.1.3.pdf
Type: application/pdf
Size: 237075 bytes
Desc: not available
URL: <http://lists.cabforum.org/pipermail/public/attachments/20130318/4f615d9d/attachment-0007.pdf>

More information about the Public mailing list