[Cscwg-public] DSA SubCAs: are they allowed?
Dimitris Zacharopoulos (HARICA)
dzacharo at harica.gr
Wed Sep 15 15:36:48 UTC 2021
I agree with Bruce. In principle we should avoid changing existing
requirements in cleanup-clarifications-restructuring ballots.
We also have no idea if removing the DSA algorithms would impact the
Oracle Java Root Program (I assume it would not).
On 15/9/2021 5:40 μ.μ., Bruce Morton via Cscwg-public wrote:
> Hi Corey,
> Although I assume there would be no impact, removing DSA seems to be
> out of scope for the format change.
> This seems like a minor change that we could cover in another ballot.
> We might even agree to add this to one of the ballots, which Ian is
> Perhaps we can discuss at next weeks call.
> Thanks, Bruce.
> *From:* Cscwg-public <cscwg-public-bounces at cabforum.org> *On Behalf Of
> *Corey Bonnell via Cscwg-public
> *Sent:* Wednesday, September 15, 2021 9:52 AM
> *To:* Corey Bonnell <Corey.Bonnell at digicert.com>;
> cscwg-public at cabforum.org
> *Subject:* [EXTERNAL] Re: [Cscwg-public] DSA SubCAs: are they allowed?
> WARNING: This email originated outside of Entrust.
> DO NOT CLICK links or attachments unless you trust the sender and know
> the content is safe.
> My bad, forgot to add this to the bottom of the message:
> *From:* Cscwg-public <cscwg-public-bounces at cabforum.org
> <mailto:cscwg-public-bounces at cabforum.org>> *On Behalf Of *Corey
> Bonnell via Cscwg-public
> *Sent:* Wednesday, September 15, 2021 9:50 AM
> *To:* cscwg-public at cabforum.org <mailto:cscwg-public at cabforum.org>
> *Subject:* [Cscwg-public] DSA SubCAs: are they allowed?
> In removing the algorithm encoding requirements from the RFC 3647
> draft CSBRs
> I encountered a potential inconsistency/ambiguity in the current CSBRs
> and Microsoft Root Program requirements. Appendix A of the current
> CSBRs allows for Roots and SubCAs to use a DSA key pair, but section B
> of the Microsoft Root Program  requirements for Roots and SubCAs
> seemingly do not by omission of DSA entirely.
> Given this, is it safe to conclude that the Microsoft Root Program
> currently prohibits DSA Roots and SubCAs? If so, can we disallow DSA
> ICAs in the RFC 3647 CSBRs to mirror the Microsoft Root Program
> /Any email and files/attachments transmitted with it are confidential
> and are intended solely for the use of the individual or entity to
> whom they are addressed. If this message has been sent to you in
> error, you must not copy, distribute or disclose of the information it
> contains. _Please notify Entrust immediately_ and delete the message
> from your system./
> Cscwg-public mailing list
> Cscwg-public at cabforum.org
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Cscwg-public