Ballot 223 – Update BR Section 8.4 for CA audit criteria

Ballot overview

• Ballot 223 updates Baseline Requirements section 8.4 for CA audit criteria.
• The stated goals are to remove old ETSI TS documents and align WebTrust and ETSI requirements.
• The ballot text says the ballot passed.

Voting results

• CA voting: 24 yes, 0 no, 0 abstain.
• Browser voting: 5 yes, 0 no, 0 abstain.
• Quorum was met with 29 total votes.
• The ballot met the approval thresholds for both CA and browser votes.
• At least one CA member and one browser member voted in favor, satisfying adoption requirements.

Proposed rule changes

• Replace the first two numbered items in section 8.4 with updated audit criteria.
• The new criteria reference:
  • WebTrust for CAs v2.0 or newer
  • WebTrust for CAs SSL Baseline with Network Security v2.2 or newer
  • ETSI EN 319 411-1, including normative references to ETSI EN 319 401
• The ballot text states that WebTrust for Certification Authorities is equivalent to ETSI EN 319 401, and that the WebTrust SSL Baseline plus WebTrust for Certification Authorities is equivalent to ETSI EN 319 411-1.

Timing and effectiveness

• Discussion period: 2018-04-30 to 2018-05-07
• Voting period: 2018-05-08 to 2018-05-15
• If approved, a 30-day review period follows the Chair’s review notice.
• If no Exclusion Notices are filed, the ballot becomes effective at the end of the review period.
• If Exclusion Notices are filed, ballot approval is rescinded and a PAG is to be created.