Hi Frank, Frank Hecker wrote: > > The "Details SwissSignAG" page seems pretty clear that ETSI TS 101.456 > was (one of) the criteria used in the audit. Yes, I saw that under Certification Service Provider (CSP)...so if I understand you correctly, the standards listed under this section were the requirements used for the audit. In that case it's most likely that they do have a document confirming that by KPMG (actually I'd be very surprised if not) > I'm confused by your > question: Is your concern that SAS/KPMG used a variant of ETSI TS > 101.456, or a subset of it, or some other practice that did not actually > amount to an audit according to the ETSI TS 101.456 criteria? > Yes, the later would be my concern (ETSI TS 101.456 as the relevant criteria according to the Mozilla CA policy as opposed to "ZertES" as the criteria).
-- Regards Signer: Eddy Nigg, StartCom Ltd. <http://www.startcom.org> Jabber: [EMAIL PROTECTED] <xmpp:[EMAIL PROTECTED]> Blog: Join the Revolution! <http://blog.startcom.org> Phone: +1.213.341.0390 _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
