info
Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
Policy Update Proposal: Add ETSI EN 319 411
108 views
Skip to first unread message
Kathleen Wilson
Apr 11, 2016, 3:04:32 PM4/11/16
to mozilla-dev-s...@lists.mozilla.org
All,
I previously updated section 11 of the draft of version 2.3 of Mozilla's CA Certificate Inclusion Policy to reflect the new ETSI numbers.
Please see section 11 of
http://mozilla.github.io/ca-policy/InclusionPolicy.html
and
https://wiki.mozilla.org/CA:CertificatePolicyV2.3#Changes_Made_to_DRAFT_Version_2.3
However, there appears to be some differences in the name and number of the ETSI criteria. My understanding is that ETSI TS 119 411 and ETSI EN 319 411 are equivalent. But CAs in some EU member states are required to use ETSI EN 319 411 instead of ETSI TS 119 411 (the ETSI standard).
So, should I update the bullet points as follows, to add '(or ETSI EN 319 411-...)'?
Or should I add two separate bullet points for ETSI EN 319 411-1 and ETSI EN 319 411-2?
~~
- Clause 6 "Trust Service Providers practice" in ETSI TS 119 411-1 *(or ETSI EN 319 411-1)* V1.0.1 or later version Policy and security requirements for Trust Service Providers issuing certificates; Part 1: General requirements (as applicable to the "EVCP" and "EVCP+" certificate policies, DVCP and OVCP certificate policies for publicly trusted certificates - baseline requirements and any of the and any of the "NCP", "NCP+", or "LCP" certificate policies);
- Clause 6 "Trust Service Providers practice" in ETSI TS 119 411-2 *(or ETSI EN 319 411-2)* V2.0.7 or later version Policy and security requirements for Trust Service Providers issuing certificates; Part 2: Requirements for trust service providers issuing EU qualified certificates (only applicable to electronic signature certificate issuance; applicable to either "QCP-l" or "QCP-l-qscd" or "QCP-n" or ''QCP-n-qscd'' or ''QCP-w).
~~
I apologize for my delay in updating Mozilla's CA Certificate Policy. In the meantime, I will treat the changes in the draft version (http://mozilla.github.io/ca-policy/) as accepted. For instance, I will accept the new ETSI audit criteria even though it is only in the draft of version 2.3 of the policy.
Thanks,
Kathleen
I previously updated section 11 of the draft of version 2.3 of Mozilla's CA Certificate Inclusion Policy to reflect the new ETSI numbers.
Please see section 11 of
http://mozilla.github.io/ca-policy/InclusionPolicy.html
and
https://wiki.mozilla.org/CA:CertificatePolicyV2.3#Changes_Made_to_DRAFT_Version_2.3
However, there appears to be some differences in the name and number of the ETSI criteria. My understanding is that ETSI TS 119 411 and ETSI EN 319 411 are equivalent. But CAs in some EU member states are required to use ETSI EN 319 411 instead of ETSI TS 119 411 (the ETSI standard).
So, should I update the bullet points as follows, to add '(or ETSI EN 319 411-...)'?
Or should I add two separate bullet points for ETSI EN 319 411-1 and ETSI EN 319 411-2?
~~
- Clause 6 "Trust Service Providers practice" in ETSI TS 119 411-1 *(or ETSI EN 319 411-1)* V1.0.1 or later version Policy and security requirements for Trust Service Providers issuing certificates; Part 1: General requirements (as applicable to the "EVCP" and "EVCP+" certificate policies, DVCP and OVCP certificate policies for publicly trusted certificates - baseline requirements and any of the and any of the "NCP", "NCP+", or "LCP" certificate policies);
- Clause 6 "Trust Service Providers practice" in ETSI TS 119 411-2 *(or ETSI EN 319 411-2)* V2.0.7 or later version Policy and security requirements for Trust Service Providers issuing certificates; Part 2: Requirements for trust service providers issuing EU qualified certificates (only applicable to electronic signature certificate issuance; applicable to either "QCP-l" or "QCP-l-qscd" or "QCP-n" or ''QCP-n-qscd'' or ''QCP-w).
~~
I apologize for my delay in updating Mozilla's CA Certificate Policy. In the meantime, I will treat the changes in the draft version (http://mozilla.github.io/ca-policy/) as accepted. For instance, I will accept the new ETSI audit criteria even though it is only in the draft of version 2.3 of the policy.
Thanks,
Kathleen
inigo.b...@gmail.com
Apr 12, 2016, 4:46:59 AM4/12/16
to mozilla-dev-s...@lists.mozilla.org
will try to help
the ETSI TS 119 411 were created for the interim, meanwhile the ETSI EN 319 411 were published, but once these ENs are published, TSPs should use these.
Part 1 (411-1) is for the Publicly trusted certificates as defined by the CABF, so covering the BRs for DV and OV SSL certs, and EV guidelines for EV SSL cert. Plus some other certificate policies such as LCP, NCP, etc. This is basically the subsitute of the TS 102 042
Part 2 (411-2) is for qualified certificates to meet eIDAS requirements, for certificates issued to natural and legal persons as well as websites considered qualified. This is the substitue of the TS 101 456 and it´s based on part 1.
So, IMHO, I wouldn´t use the TS 119 411 and will have 2 bullets, one for part 1 and another one for part 2 for those TSPs that are going to issue qualified website certificates which are covered by this part 2.
Regards
0 new messages