Maintenance of the WebTrust seal requires an annual audit. The audit is of compliance with the CPS - so if there are issuing CAs - whether internal or external - covered by the CPS, then they part of those procedures.
The same is not true of ETSI - which is a standard not really an audit regime. So, if Mozilla is going to rely on "equivalent audits", then there should also be a requirement for yearly updates. _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
