Eddy Nigg (StartCom Ltd.) wrote: > Could you please be so kind and provide me with the a URL or document of > the audit attestation of KPMG and what exactly it entails including > under which criteria the CA was audited?
The criteria were ETSI TS 101.456, as I believe I mentioned in the bug report. The public URLs confirming completion of the audit are listed in SwissSign's entry in the pending list, in the summary section; they're the links for "Swiss Accreditation Service" and "SAS details": http://www.seco.admin.ch/sas/00229/00251/index.html?lang=en http://www.seco.admin.ch/sas/00229/00251/00281/index.html?lang=en As I understand it KPMG does these audits on behalf of SAS, which is a Swiss government agency, and then SAS publishes the list of CAs that are thus accredited under Swiss law. I don't believe that SAS publishes a document comparable to the WebTrust for CAs "auditors' report on management assertions" (or whatever it's called). However you can ask Melanie Raemy of SwissSign about that; just post a comment in bug 343756 and she should see it. Frank -- Frank Hecker [EMAIL PROTECTED] _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
