On Tue, May 11, 1999 at 07:19:42PM +0200, Stefan Kelm wrote:
> This is a problem with the TeleSec certificates. I'm not sure about the
> details but I've spoken to both TeleSec and the BSI ("Bundesamt fuer
> Sicherheit in der Informationstechnik" www.bsi.de) about this problem.
> They are aware of the bug but I don't think they'll change anything because
> of the changes to their (evaluated) software that would be necessary.
According to § 17 (3) SigV,
[...] stellt sich heraus, daß bestätigte technische Komponenten
nicht ausreichend geprüft wurden oder Anforderungen nicht erfüllen,
so kann die zuständige Behörde erteilte Bestätigungen für ungültig
erklären.
Does DIN EN 45011 apply to SigG certification for devices and
products? If so, what are the SigG Certification Bodies' (<URL:
http://www.bsi.de/aufgaben/projekte/pbdigsig/main/pub.htm>) "documented
procedures for withdrawal of licences, certificates and marks of
conformity" when it comes to violation of functionality specifications
(violation of the standards for BER, in this case)?
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
