Line 50: | Line 50: | ||
[[File:BR-Audit-Scope.png | BR Audit Scope]] | [[File:BR-Audit-Scope.png | BR Audit Scope]] | ||
All | All root and intermediate certificates must be audited according to the Baseline Requirements, and end entity certificates may be audited on a sample basis. For the above diagram: | ||
* Root CA must be audited | * Public Root CA must be audited | ||
* Sub 1 which issues SSL would be subject to audit PLUS | * Sub CA 1 which issues SSL certificates would be subject to audit, PLUS its end-entity certificates would need to be audited at least on a sample basis | ||
* Sub 2 would be subject to audit, PLUS | * Sub CA 2, with an EKU that allows SSL certificates, would be subject to audit, PLUS its end-entity certificates as well to verify that no SSL certificates have been issued. | ||
* Sub 3, operated by ABC Corp, is subject to audit | * Sub CA 3, operated by ABC Corp, is subject to audit | ||
* Sub 3a PLUS its end-entity certs subject to audit | * Sub CA 3a PLUS its end-entity certs are subject to audit | ||
* Sub 3b is subject to audit, but not its end entity | * Sub CA 3b is subject to audit, but not its end-entity certificates because the EKU restricts to SMIME only | ||
* Sub 4 | * Sub CA 4, operated by XYZ Corp, is subject to audit, but not its end-entity certificates because Sub CA 4 is technically constrained in line with BRs | ||
== WebTrust BR Audit Statement == | == WebTrust BR Audit Statement == |
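Review bot: In the new Sub CA 2 bullet, the end-entity audit is meant "to verify that no SSL certificates have been issued", but unlike the Sub CA 1 bullet it does not say whether that check is exhaustive or "at least on a sample basis". A sample cannot show that none were issued, so the bullet should state the intended coverage. The new text also mixes "end entity certificates" (introductory sentence), "end-entity certificates" and "end-entity certs" (Sub CA 3a); use one form throughout. In the Sub CA 4 bullet, "technically constrained in line with BRs" would be easier for an auditor to check if it named the BR section it relies on. The Sub CA 3 bullet should say whether the audit covers only the CA certificate, since its subordinates 3a and 3b are listed separately.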