(In reply to Antonio from comment #134)
> Indeed, new version of CPS and PC that are within the scope of the
> certification will comply with the requirement of the “WebTrust SM/TM for
> Certification Authorities WebTrust Principles and Criteria for Certification
> Authorities - SSL Baseline with Network Security”. However, for the sake of
> coherence, it was not possible to consider such statement but after
> finishing the audit.
>
> It will be included the following text:
>
> FNMT-RCM conforms to the current version of the Baseline Requirements for
> the Issuance and Management of Publicly-Trusted Certificates published at
> https://cabforum.org/wp-content/uploads/BRv1.2.3.pdf. In the event of any
> inconsistency between this document and those Requirements, those
> Requirements take precedence over this document.
>
> We remain at your disposal for any further clarification concerning this
> topic.
Please clarify if you intend to add that statement to the CP/CPS, or if you are saying it will be part of the audit statement only.
(In reply to Antonio from comment #134) /cabforum. org/wp- content/ uploads/ BRv1.2. 3.pdf. In the event of any
> Indeed, new version of CPS and PC that are within the scope of the
> certification will comply with the requirement of the “WebTrust SM/TM for
> Certification Authorities WebTrust Principles and Criteria for Certification
> Authorities - SSL Baseline with Network Security”. However, for the sake of
> coherence, it was not possible to consider such statement but after
> finishing the audit.
>
> It will be included the following text:
>
> FNMT-RCM conforms to the current version of the Baseline Requirements for
> the Issuance and Management of Publicly-Trusted Certificates published at
> https:/
> inconsistency between this document and those Requirements, those
> Requirements take precedence over this document.
>
> We remain at your disposal for any further clarification concerning this
> topic.
Please clarify if you intend to add that statement to the CP/CPS, or if you are saying it will be part of the audit statement only.
For reference, I asked in the discussion forum about having the BR commitment to comply in the audit statement only: /groups. google. com/d/msg/ mozilla. dev.security. policy/ wsw2G-PFKiA/ akU0bhzN8MMJ
https:/
It looks to me like the answer will be that it needs to be in the CP/CPS. You are welcome to participate in that discussion.