Eddy Nigg (StartCom Ltd.) wrote: > I've visited that page you are pointing me obviously. However this page > also says: > > "The standards ETSI TS 101.456 (Europe) and ANSI X9.79 (USA, Canada) > *may* also serve *as a basis* for the certification of a Public Key > Infrastructure (PKI) respectively a Certification Service Provider (CSP)." > > I would be interested to know which criteria was used by the auditor for > auditing this CA before studying the "Bundesgesetz über die > elektronische Signatur (ZertES)" more in detail.
The "Details SwissSignAG" page seems pretty clear that ETSI TS 101.456 was (one of) the criteria used in the audit. I'm confused by your question: Is your concern that SAS/KPMG used a variant of ETSI TS 101.456, or a subset of it, or some other practice that did not actually amount to an audit according to the ETSI TS 101.456 criteria? Frank -- Frank Hecker [EMAIL PROTECTED] _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
