<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><meta http-equiv=Content-Type content="text/html; charset=us-ascii"><meta name=Generator content="Microsoft Word 14 (filtered medium)"><style><!--
/* Font Definitions */
@font-face
{font-family:SimSun;
panose-1:2 1 6 0 3 1 1 1 1 1;}
@font-face
{font-family:SimSun;
panose-1:2 1 6 0 3 1 1 1 1 1;}
@font-face
{font-family:"Arial Unicode MS";
panose-1:2 11 6 4 2 2 2 2 2 4;}
@font-face
{font-family:SimSun;
panose-1:2 1 6 0 3 1 1 1 1 1;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
@font-face
{font-family:"\@Arial Unicode MS";
panose-1:2 11 6 4 2 2 2 2 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman","serif";
color:black;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
span.EmailStyle17
{mso-style-type:personal-reply;
font-family:"Arial Unicode MS","sans-serif";
color:#1F497D;
font-weight:normal;
font-style:normal;
text-decoration:none none;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:612.0pt 792.0pt;
margin:72.0pt 90.0pt 72.0pt 90.0pt;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]--></head><body bgcolor=white lang=ZH-CN link=blue vlink=purple><div class=WordSection1><p class=MsoNormal><span lang=EN-US style='font-family:"Arial Unicode MS","sans-serif";color:#1F497D'>+1<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-family:"Arial Unicode MS","sans-serif";color:#1F497D'>Yes, we can treat issuing intermediate certificate same as to end user certificate that verify the identity and name it in O and CN field.<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-family:"Arial Unicode MS","sans-serif";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-family:"Arial Unicode MS","sans-serif";color:#1F497D'>Richard<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-family:"Arial Unicode MS","sans-serif";color:#1F497D'><o:p> </o:p></span></p><div><div style='border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0cm 0cm 0cm'><p class=MsoNormal><b><span lang=EN-US style='font-size:10.0pt;font-family:"Tahoma","sans-serif";color:windowtext'>From:</span></b><span lang=EN-US style='font-size:10.0pt;font-family:"Tahoma","sans-serif";color:windowtext'> public-bounces@cabforum.org [mailto:public-bounces@cabforum.org] <b>On Behalf Of </b>Eddy Nigg<br><b>Sent:</b> Tuesday, March 10, 2015 9:56 AM<br><b>To:</b> Geoff Keating; Jeremy Rowley<br><b>Cc:</b> CABFPub<br><b>Subject:</b> Re: [cabfpub] Intermediate certificate names<o:p></o:p></span></p></div></div><p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p><div><p class=MsoNormal><span lang=EN-US>On 03/10/2015 08:31 AM, Geoff Keating wrote:<o:p></o:p></span></p></div><blockquote style='margin-top:5.0pt;margin-bottom:5.0pt'><p class=MsoNormal><span lang=EN-US>Perhaps you could make the common name something like "DigiCert issuing for Customer Name, Inc." or similar?<o:p></o:p></span></p></blockquote><p class=MsoNormal style='margin-bottom:12.0pt'><span lang=EN-US><br>I don't think this is a good idea - I believe the organization name should correctly identify the company to whom the certificate was issued. <br><br>When we issue a certificate to an end-user we correctly identify that entity (in the verified settings). If we issue an intermediate CA to an external entity why should this be any different? We should identify the entity we validated and for whom we issued the intermediate CA certificate (even if that entity doesn't control the private key, e.g. a manged and controlled solution by the parent CA).<o:p></o:p></span></p><div><p class=MsoNormal><span lang=EN-US>-- <o:p></o:p></span></p><table class=MsoNormalTable border=0 cellspacing=0 cellpadding=0><tr><td colspan=2 style='padding:0cm 0cm 0cm 0cm'><p class=MsoNormal><span lang=EN-US>Regards <o:p></o:p></span></p></td></tr><tr><td colspan=2 style='padding:0cm 0cm 0cm 0cm'><p class=MsoNormal><span lang=EN-US> <o:p></o:p></span></p></td></tr><tr><td style='padding:0cm 0cm 0cm 0cm'><p class=MsoNormal><span lang=EN-US>Signer: <o:p></o:p></span></p></td><td style='padding:0cm 0cm 0cm 0cm'><p class=MsoNormal><span lang=EN-US>Eddy Nigg, COO/CTO<o:p></o:p></span></p></td></tr><tr><td style='padding:0cm 0cm 0cm 0cm'><p class=MsoNormal><span lang=EN-US> <o:p></o:p></span></p></td><td style='padding:0cm 0cm 0cm 0cm'><p class=MsoNormal><span lang=EN-US><a href="http://www.startcom.org">StartCom Ltd.</a><o:p></o:p></span></p></td></tr><tr><td style='padding:0cm 0cm 0cm 0cm'><p class=MsoNormal><span lang=EN-US>XMPP: <o:p></o:p></span></p></td><td style='padding:0cm 0cm 0cm 0cm'><p class=MsoNormal><span lang=EN-US><a href="xmpp:startcom@startcom.org">startcom@startcom.org</a><o:p></o:p></span></p></td></tr><tr><td style='padding:0cm 0cm 0cm 0cm'><p class=MsoNormal><span lang=EN-US>Blog: <o:p></o:p></span></p></td><td style='padding:0cm 0cm 0cm 0cm'><p class=MsoNormal><span lang=EN-US><a href="http://blog.startcom.org">Join the Revolution!</a><o:p></o:p></span></p></td></tr><tr><td style='padding:0cm 0cm 0cm 0cm'><p class=MsoNormal><span lang=EN-US>Twitter: <o:p></o:p></span></p></td><td style='padding:0cm 0cm 0cm 0cm'><p class=MsoNormal><span lang=EN-US><a href="http://twitter.com/eddy_nigg">Follow Me</a><o:p></o:p></span></p></td></tr><tr><td colspan=2 style='padding:0cm 0cm 0cm 0cm'><p class=MsoNormal><span lang=EN-US> <o:p></o:p></span></p></td></tr></table><p class=MsoNormal><span lang=EN-US style='color:windowtext'><o:p> </o:p></span></p></div></div></body></html>