[cabfcert_policy] CA vs. CAO

Dimitris Zacharopoulos jimmy at it.auth.gr
Wed Nov 23 05:20:22 MST 2016 

On 23/11/2016 2:04 μμ, Moudrick M. Dadashov via Policyreview wrote:
> Hi Peter,
>
> actually the term "Certification service provider" is no longer used 
> and replaced by far more generic “Trust Service Provider”.
>
> Thanks,
> M.D.
>

Right. The "specific meanings" in EU directives are actually quite broad 
:) Even if you only operate and offer Time Stamping services, you can be 
considered a TSP. The BRs give more elements to the "CA" term then what 
it is used in other standards. This creates confusion which IMHO the 
term "TSP" has resolved. Normally, the "CA" would be a unit limited to 
exchanging information between other TSP units (for example RAs) and 
performing/managing all certificate cryptographic operations. That 
probably requires a separate discussion.

Dimitris.


> On 11/22/2016 9:13 PM, Peter Bowen wrote:
>> +1
>>
>> It looks like “Certification Service Provider” and “Trust Service 
>> Provider” have specific meanings in EU directives and regulations, so 
>> I think we should avoid these terms
>>
>>> On Nov 22, 2016, at 7:20 AM, Tim Hollebeek <THollebeek at trustwave.com 
>>> <mailto:THollebeek at trustwave.com>> wrote:
>>>
>>> I agree with this, though I would oppose TSP on the grounds that it 
>>> introduces a potential for confusion between a European term that 
>>> has a very specific meaning, and the more generic definition of a CA.
>>> -Tim
>>> *From:*Policyreview [mailto:policyreview-bounces at cabforum.org]*On 
>>> Behalf Of*Dimitris Zacharopoulos
>>> *Sent:*Monday, November 21, 2016 4:11 PM
>>> *To:*Ben Wilson;policyreview at cabforum.org 
>>> <mailto:policyreview at cabforum.org>
>>> *Subject:*Re: [cabfcert_policy] CA vs. CAO
>>>
>>>
>>> First of all, sorry I missed the last call. This topic was discussed 
>>> in previous F2F meetings and on several occasions. I believe that 
>>> nobody wants to go over changing every document that has the term 
>>> "CA" and change it to "CAO". If we are to do such a big change, I 
>>> would vote to use the term "Trust Service Provider - TSP" in order 
>>> to align with the European model.
>>>
>>> The majority of the CAs and auditors have linked the term "CA" with 
>>> an "organization". That's why it was agreed (on past meetings) that 
>>> we will not try to change the meaning of the term "CA" to mean 
>>> anything else but that of an organization. Instead, we would try to 
>>> use this term consistently (to refer to an organization) and 
>>> introduce changes to the other instances to mean something else. 
>>> That would introduce fewer changes in the BRs and EV guidelines.
>>>
>>>
>>> Dimitris.
>>>
>>> On 21/11/2016 10:47 μμ, Ben Wilson wrote:
>>>
>>>     On our most recent call, Peter Bowen and I again discussed use
>>>     of “CA” vs. something else.  (Back on May 5^th I sent out a
>>>     proposed “straw poll” to this group, but I don’t think I ever
>>>     sent it to the public list.)  Peter and I like the term “CA
>>>     Operator” or abbreviated, “CAO”.  The only downside, which is a
>>>     big one – I’ll admit, is that  the term “CA” seems to  be used
>>>     pervasively within the Forum and elsewhere to refer to  the
>>>     entity that  operates a CA.
>>>     Following our last call, I started to do a replacement of CA
>>>     with CAO to see how it would look/work, but I stopped because
>>>     there would be many instances to replace and I wanted to get
>>>     more of a consensus from  this group and potentially the public
>>>     list.
>>>     Thoughts?
>>>     Ben
>>>
>>>
>>>
>>>     _______________________________________________
>>>
>>>     Policyreview mailing list
>>>
>>>     Policyreview at cabforum.org <mailto:Policyreview at cabforum.org>
>>>
>>>     https://cabforum.org/mailman/listinfo/policyreview
>>>     <https://scanmail.trustwave.com/?c=4062&d=--Kz2PTP0JUleZRp1v2t7Xfr51q89GxOigDNXuQc8g&s=5&u=https%3a%2f%2fcabforum%2eorg%2fmailman%2flistinfo%2fpolicyreview>
>>>
>>>
>>> ------------------------------------------------------------------------
>>>
>>> This transmission may contain information that is privileged, 
>>> confidential, and/or exempt from disclosure under applicable law. If 
>>> you are not the intended recipient, you are hereby notified that any 
>>> disclosure, copying, distribution, or use of the information 
>>> contained herein (including any reliance thereon) is strictly 
>>> prohibited. If you received this transmission in error, please 
>>> immediately contact the sender and destroy the material in its 
>>> entirety, whether in electronic or hard copy format.
>>> _______________________________________________
>>> Policyreview mailing list
>>> Policyreview at cabforum.org <mailto:Policyreview at cabforum.org>
>>> https://cabforum.org/mailman/listinfo/policyreview
>>
>>
>>
>> _______________________________________________
>> Policyreview mailing list
>> Policyreview at cabforum.org
>> https://cabforum.org/mailman/listinfo/policyreview
>
>
>
> _______________________________________________
> Policyreview mailing list
> Policyreview at cabforum.org
> https://cabforum.org/mailman/listinfo/policyreview

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cabforum.org/pipermail/policyreview/attachments/20161123/0369db62/attachment-0001.html>

More information about the Policyreview mailing list