[cabfpub] When to stop accepting old ETSI audits?

Moudrick M. Dadashov md at ssc.lt
Mon Nov 28 23:32:56 UTC 2016


Indeed, Richard, but unfortunately what used to be a single step (audit) 
now needs two steps - the TSPs need to meet also the [non-existing] 
supervisor requirements.

Thanks,
M.D.

On 11/29/2016 1:05 AM, tScheme Technical Manager wrote:
>
> Technically, eIDAS gave July 2016 as the cutoff but allowed one year 
> for transition. However, it states that any audits after July 2016 
> must use new requirements.
>
> Cheers
>
> Richard
>
> ------------------------------------
> Richard Trevorah
> Technical Manager
> tScheme Limited
>
> M: +44 (0) 781 809 4728
> F: +44 (0) 870 005 6311
>
> http://www.tscheme.org
> ------------------------------------
>
> The information in this message and, if present, any attachments are 
> intended solely for the attention and use of the named addressee(s). 
> The content of this e-mail and its attachments is confidential and may 
> be legally privileged. Unless otherwise stated, any use or disclosure 
> is unauthorised and may be unlawful.
>
> If you are not the intended recipient, please delete the message and 
> any attachments and notify the sender as soon as practicable
>
> *From:*Public [mailto:public-bounces at cabforum.org] *On Behalf Of 
> *Moudrick M. Dadashov via Public
> *Sent:* 28 November 2016 22:59
> *To:* CA/Browser Forum Public Discussion List
> *Cc:* Moudrick M. Dadashov
> *Subject:* Re: [cabfpub] When to stop accepting old ETSI audits?
>
> Yes, July 2017 is reasonable - the new ones require extra bureaucracy 
> with the supervisors.
>
> Thanks,
> M.D.
>
> On 11/28/2016 3:44 PM, Gervase Markham via Public wrote:
>
>     Dear CAB Forum members,
>
>     Ballot 171, passed on 1st July 2016, updated the BRs to remove the old
>
>     ETSI criteria (ETSI TS 101 456 V1.4.3 or ETSI TS 102 042 V2.3.1) and add
>
>     the new ones (ETSI EN 319 411-1 v1.1.1 or ETSI EN 319 411-2 v2.1.1).
>
>     This change was made in BRs v.1.3.6. However, no dates were associated
>
>     with the change.
>
>     Mozilla CA Policy 2.3 (about to be published) permits either set of
>
>     criteria to be used.
>
>     By what date would it be reasonable for Mozilla to require that all new
>
>     ETSI audits use the new criteria?
>
>     Inigo says that eIDAS (which, of course, refers only to the issuance of
>
>     Qualified certificates) have specified July 2017 as the end date for the
>
>     old criteria. Would that be a reasonable choice?
>
>     Gerv
>
>     _______________________________________________
>
>     Public mailing list
>
>     Public at cabforum.org <mailto:Public at cabforum.org>
>
>     https://cabforum.org/mailman/listinfo/public
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/public/attachments/20161129/98e84964/attachment-0002.html>


More information about the Public mailing list