[cabfcert_policy] CA vs. CA draft proposal
"Barreira Iglesias, Iñigo"
i-barreira at izenpe.eus
Tue Mar 29 09:09:10 MST 2016
What about TSP and then merge with the EU approach?
Iñigo Barreira
Responsable del Área técnica
i-barreira at izenpe.eus
945067705
ERNE! Baliteke mezu honen zatiren bat edo mezu osoa legez babestuta egotea. Mezua badu bere hartzailea. Okerreko helbidera heldu bada (helbidea gaizki idatzi, transmisioak huts egin) eman abisu igorleari, korreo honi erantzuna. KONTUZ!
ATENCION! Este mensaje contiene informacion privilegiada o confidencial a la que solo tiene derecho a acceder el destinatario. Si usted lo recibe por error le agradeceriamos que no hiciera uso de la informacion y que se pusiese en contacto con el remitente.
-----Mensaje original-----
De: policyreview-bounces at cabforum.org [mailto:policyreview-bounces at cabforum.org] En nombre de Ben Wilson
Enviado el: jueves, 24 de marzo de 2016 15:43
Para: Ben Wilson; Peter Bowen; policyreview at cabforum.org
Asunto: Re: [cabfcert_policy] CA vs. CA draft proposal
After discussing this a bit, I'd prefer sticking to "CA" when using it as an adjective. Also, I still think it might be better to replace "CA," when talking about the entity, with either "CSP" or "CASP"--even if that means making sweeping changes throughout the guideline documents.
-----Original Message-----
From: policyreview-bounces at cabforum.org
[mailto:policyreview-bounces at cabforum.org] On Behalf Of Ben Wilson
Sent: Thursday, March 24, 2016 7:58 AM
To: Peter Bowen <pzb at amzn.com>; policyreview at cabforum.org
Subject: Re: [cabfcert_policy] CA vs. CA draft proposal
Thanks! Let's discuss today.
-----Original Message-----
From: policyreview-bounces at cabforum.org
[mailto:policyreview-bounces at cabforum.org] On Behalf Of Peter Bowen
Sent: Thursday, March 24, 2016 7:43 AM
To: policyreview at cabforum.org
Subject: [cabfcert_policy] CA vs. CA draft proposal
New Definitions:
Certificate Issuer (CI): An issuer of Certificates defined by a distinct Distinguished Name and Public Key
CI Certificate: A Certificate for which any of the following are true:
- A Basic Constraints extension is present and the cA component is set to TRUE
- A Key Usage extension is present and the keyCertSign bit is set
CI Key Pair: A Key Pair which has its Public Key included in a CI Certificate
Cross-Certificate: A CI certificate which is not a Self-Issued CI Certificate
End-entity Certificate: A Certificate which is not a CI Certificate
Root CI: A CI which is distributed by Application Software Suppliers as a trust anchor
Root CI Key Pair: A CI Key Pair which has its Public Key included in a Root Certificate
Root CI Certificate: A CI Certificate which contains the Public Key from a Root CI Key Pair
Self-Issued CI Certificate: A CI Certificate where the subject and issuer Distinguished Names match
Technically Constrained CI Certificate: A CI certificate which uses a combination of Extended Key Usage settings and Name Constraint settings to limit the scope within which CI may issue Subscriber or additional CI Certificates.
Modifications:
In section 3.1.5, insert the following text:
Each CI Public Key MUST be associated with a single distinct Distinguished Name. Each CI Distinguished Name MUST be associated with a single unique Public Key.
In section 4.3.1, append the following text:
A CA shall only issue a Self-Issued CI Certificate when the Private Key used by the CA to sign the Certificate corresponds to the Public Key that is certified within the Certificate.
<more to change CA to CI where appropriate> _______________________________________________
Policyreview mailing list
Policyreview at cabforum.org
https://cabforum.org/mailman/listinfo/policyreview
More information about the Policyreview
mailing list