<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<br>
<div class="moz-cite-prefix">On 03/10/2015 08:31 AM, Geoff Keating
wrote:<br>
</div>
<blockquote
cite="mid:924B9C20-ECE6-4605-A358-66CBE84E2A82@apple.com"
type="cite">Perhaps you could make the common name something like
"DigiCert issuing for Customer Name, Inc." or similar?<br>
</blockquote>
<br>
I don't think this is a good idea - I believe the organization name
should correctly identify the company to whom the certificate was
issued. <br>
<br>
When we issue a certificate to an end-user we correctly identify
that entity (in the verified settings). If we issue an intermediate
CA to an external entity why should this be any different? We should
identify the entity we validated and for whom we issued the
intermediate CA certificate (even if that entity doesn't control the
private key, e.g. a manged and controlled solution by the parent
CA).<br>
<br>
<div class="moz-signature">-- <br>
<table border="0" cellpadding="0" cellspacing="0">
<tbody>
<tr>
<td colspan="2">Regards </td>
</tr>
<tr>
<td colspan="2"> </td>
</tr>
<tr>
<td>Signer: </td>
<td>Eddy Nigg, COO/CTO</td>
</tr>
<tr>
<td> </td>
<td><a href="http://www.startcom.org">StartCom Ltd.</a></td>
</tr>
<tr>
<td>XMPP: </td>
<td><a href="xmpp:startcom@startcom.org">startcom@startcom.org</a></td>
</tr>
<tr>
<td>Blog: </td>
<td><a href="http://blog.startcom.org">Join the Revolution!</a></td>
</tr>
<tr>
<td>Twitter: </td>
<td><a href="http://twitter.com/eddy_nigg">Follow Me</a></td>
</tr>
<tr>
<td colspan="2"> </td>
</tr>
</tbody>
</table>
</div>
</body>
</html>