[Cscwg-public] Code sign BR 11.1.1 (4.)
Bruce Morton
Bruce.Morton at entrust.com
Tue Jul 13 17:47:43 UTC 2021
For 11.1.1 (4), the part "If the Subject's or Subject's Affiliate's, Parent Company's, or Subsidiary Company's date of formation, as indicated by either a QIIS or QGIS, was less than three years prior to the date of the Certificate Request" is to ensure that the Subject or the entity used to verify the Subject was formed greater than 3 years ago. If both were less than 3 years, then the CA "verify the identity of the Certificate Requester."
So I believe that **at least one of** is the correct interpretation, but should only be applied to the Subject or the entity used to verify the Subject.
Bruce.
From: Cscwg-public <cscwg-public-bounces at cabforum.org> On Behalf Of Dean Coclin via Cscwg-public
Sent: Saturday, July 10, 2021 12:23 PM
To: cscwg-public at cabforum.org
Subject: [EXTERNAL] [Cscwg-public] Code sign BR 11.1.1 (4.)
WARNING: This email originated outside of Entrust.
DO NOT CLICK links or attachments unless you trust the sender and know the content is safe.
________________________________
Posting for Tadahiko:
Hi
This is Tadahiko from SECOM
I have a question on Code sign BR 11.1.1 (4.)
>> 11.1 Verification for Non-EV Code Signing Certificates
>> 11.1.1 Verification of Organizational Applicants 4. If the Subject's
>> or Subject's Affiliate's, Parent Company's, or Subsidiary Company's
>> date of formation, as indicated by either a QIIS or QGIS, was less
>> than three years prior to the date of the Certificate Request, verify
>> the identity of the Certificate Requester.
For me, it seems to be written as following.
Identity Verification (of 11.1.2) is necessary unless, **all of** "Subject's and Subject's Affiliate's, Parent Company's, and Subsidiary Company's date of formation" are more than three years prior to the date of the Certificate Request.
However, I felt like it should be following.
Identity Verification is necessary unless, **at least one of** "Subject's and Subject's Affiliate's, Parent Company's, and Subsidiary Company's date of formation" are more than three years prior to the date of the Certificate Request.
Could you tell me which interpretation is correct?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/cscwg-public/attachments/20210713/22266cd9/attachment.html>
More information about the Cscwg-public
mailing list