Hi Frank, I've visited that page you are pointing me obviously. However this page also says:
"The standards ETSI TS 101.456 (Europe) and ANSI X9.79 (USA, Canada) *may* also serve *as a basis* for the certification of a Public Key Infrastructure (PKI) respectively a Certification Service Provider (CSP)." I would be interested to know which criteria was used by the auditor for auditing this CA before studying the "Bundesgesetz über die elektronische Signatur (ZertES)" more in detail. Frank Hecker wrote: > Eddy Nigg (StartCom Ltd.) wrote: > >> Could you please be so kind and provide me with the a URL or document of >> the audit attestation of KPMG and what exactly it entails including >> under which criteria the CA was audited? >> > > The criteria were ETSI TS 101.456, as I believe I mentioned in the bug > report. The public URLs confirming completion of the audit are listed in > SwissSign's entry in the pending list, in the summary section; they're > the links for "Swiss Accreditation Service" and "SAS details": > > http://www.seco.admin.ch/sas/00229/00251/index.html?lang=en > http://www.seco.admin.ch/sas/00229/00251/00281/index.html?lang=en > > As I understand it KPMG does these audits on behalf of SAS, which is a > Swiss government agency, and then SAS publishes the list of CAs that are > thus accredited under Swiss law. > > I don't believe that SAS publishes a document comparable to the WebTrust > for CAs "auditors' report on management assertions" (or whatever it's > called). However you can ask Melanie Raemy of SwissSign about that; just > post a comment in bug 343756 and she should see it. > > Frank > > -- Regards Signer: Eddy Nigg, StartCom Ltd. <http://www.startcom.org> Jabber: [EMAIL PROTECTED] <xmpp:[EMAIL PROTECTED]> Blog: Join the Revolution! <http://blog.startcom.org> Phone: +1.213.341.0390 _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
