[cabfcert_policy] Recap of Yesterday's Meeting

Ben Wilson ben.wilson at digicert.com
Wed Feb 17 08:33:23 MST 2016 

Here is my report on yesterday's F2F meeting

 

The group looked into requests by several members that the Baseline
Requirements and EV Guidelines be amended to address what should be in the
locality field and the state/province field when the Subject's country does
not have  those political subdivisions, the organization is chartered or
operated at the  national level, or other similar situations.  Examples
discussed included:  U.S. Government entities, entities in Singapore,
Taiwan, Greece, Vatican City, etc.  The consensus of the group was that for
the Baseline Requirements (see BR Section 7.1.4.2.2. subsections d. and e.),
it is not an insurmountable hurdle for to have a locality or state/province
for the physical location (and jurisdiction of organization is not an issue
like it might be under the EV Guidelines) and moreover, that for the EV
Guidelines, Section 9.2.5 adequately describes how  to handle the use case
scenarios presented in the requests made-i.e., for an entity chartered at
the  national level, the locality and state/province are omitted.  

 

The group also reviewed section 7.1 and addressed serial number entropy.
Suggested language was 

 

"Serial numbers for certificates must be greater than zero  (0).

For End Entity Certificates and Certificates issued to Intermediate CAs
after ________, CAs MUST use a Certificate serialNumber containing at least
64 unpredictable bits."   

 

The group decided we need a definition for  "End Entity Certificate" and
that we should review our  documents and use the term "End Entity" instead
of Subscriber when needed to distinguish end entities from subscribers who
are subordinate  CAs.

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://cabforum.org/pipermail/policyreview/attachments/20160217/f6415832/attachment.html 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4954 bytes
Desc: not available
Url : https://cabforum.org/pipermail/policyreview/attachments/20160217/f6415832/attachment.bin

More information about the Policyreview mailing list