Copy link to clipboard
Copied
Per Adobe Approved Trust List , there is a new (Version 2.0) of the AATL technical requirements. Can we find out what changed and why?
V1 requirements were imprecise and left a lot of gray areas. These are greatly reorganized in V2, passing from a "single phrase bullets list" to a complete paragraph with lots of details for each requirements, organized under 4 categories: General, End User, Issuing CA and upper CA.
As for the why, this is taken directly from the email we received: "These updates are meant to clarify the responsibilities of each of the parties in the trust chain and ensure that the technical requirements accurat
...Copy link to clipboard
Copied
V1 requirements were imprecise and left a lot of gray areas. These are greatly reorganized in V2, passing from a "single phrase bullets list" to a complete paragraph with lots of details for each requirements, organized under 4 categories: General, End User, Issuing CA and upper CA.
As for the why, this is taken directly from the email we received: "These updates are meant to clarify the responsibilities of each of the parties in the trust chain and ensure that the technical requirements accurately reflect current best practices for certificate authorities and trust services providers everywhere".
Ultimately you will have to go through the requirements one by one. If you are a future candidate, or a current one, you will have to do a self assessment to be upgraded to V2. It seems V1 will be phased out in the next few months.
One requirement which could be major for some is ICA5 concerning the enrollment process. In particular, strong identity proofing by in person or secure video conference, specific requirements when subject is an organization or employee, sequence of actions (identity verification, request approval, certificate generation, secure delivery to subject), etc.