[cabfcert_policy] CA vs. CAO
Dimitris Zacharopoulos
jimmy at it.auth.gr
Wed Nov 23 05:20:22 MST 2016
On 23/11/2016 2:04 μμ, Moudrick M. Dadashov via Policyreview wrote:
> Hi Peter,
>
> actually the term "Certification service provider" is no longer used
> and replaced by far more generic “Trust Service Provider”.
>
> Thanks,
> M.D.
>
Right. The "specific meanings" in EU directives are actually quite broad
:) Even if you only operate and offer Time Stamping services, you can be
considered a TSP. The BRs give more elements to the "CA" term then what
it is used in other standards. This creates confusion which IMHO the
term "TSP" has resolved. Normally, the "CA" would be a unit limited to
exchanging information between other TSP units (for example RAs) and
performing/managing all certificate cryptographic operations. That
probably requires a separate discussion.
Dimitris.
> On 11/22/2016 9:13 PM, Peter Bowen wrote:
>> +1
>>
>> It looks like “Certification Service Provider” and “Trust Service
>> Provider” have specific meanings in EU directives and regulations, so
>> I think we should avoid these terms
>>
>>> On Nov 22, 2016, at 7:20 AM, Tim Hollebeek <THollebeek at trustwave.com
>>> <mailto:THollebeek at trustwave.com>> wrote:
>>>
>>> I agree with this, though I would oppose TSP on the grounds that it
>>> introduces a potential for confusion between a European term that
>>> has a very specific meaning, and the more generic definition of a CA.
>>> -Tim
>>> *From:*Policyreview [mailto:policyreview-bounces at cabforum.org]*On
>>> Behalf Of*Dimitris Zacharopoulos
>>> *Sent:*Monday, November 21, 2016 4:11 PM
>>> *To:*Ben Wilson;policyreview at cabforum.org
>>> <mailto:policyreview at cabforum.org>
>>> *Subject:*Re: [cabfcert_policy] CA vs. CAO
>>>
>>>
>>> First of all, sorry I missed the last call. This topic was discussed
>>> in previous F2F meetings and on several occasions. I believe that
>>> nobody wants to go over changing every document that has the term
>>> "CA" and change it to "CAO". If we are to do such a big change, I
>>> would vote to use the term "Trust Service Provider - TSP" in order
>>> to align with the European model.
>>>
>>> The majority of the CAs and auditors have linked the term "CA" with
>>> an "organization". That's why it was agreed (on past meetings) that
>>> we will not try to change the meaning of the term "CA" to mean
>>> anything else but that of an organization. Instead, we would try to
>>> use this term consistently (to refer to an organization) and
>>> introduce changes to the other instances to mean something else.
>>> That would introduce fewer changes in the BRs and EV guidelines.
>>>
>>>
>>> Dimitris.
>>>
>>> On 21/11/2016 10:47 μμ, Ben Wilson wrote:
>>>
>>> On our most recent call, Peter Bowen and I again discussed use
>>> of “CA” vs. something else. (Back on May 5^th I sent out a
>>> proposed “straw poll” to this group, but I don’t think I ever
>>> sent it to the public list.) Peter and I like the term “CA
>>> Operator” or abbreviated, “CAO”. The only downside, which is a
>>> big one – I’ll admit, is that the term “CA” seems to be used
>>> pervasively within the Forum and elsewhere to refer to the
>>> entity that operates a CA.
>>> Following our last call, I started to do a replacement of CA
>>> with CAO to see how it would look/work, but I stopped because
>>> there would be many instances to replace and I wanted to get
>>> more of a consensus from this group and potentially the public
>>> list.
>>> Thoughts?
>>> Ben
>>>
>>>
>>>
>>> _______________________________________________
>>>
>>> Policyreview mailing list
>>>
>>> Policyreview at cabforum.org <mailto:Policyreview at cabforum.org>
>>>
>>> https://cabforum.org/mailman/listinfo/policyreview
>>> <https://scanmail.trustwave.com/?c=4062&d=--Kz2PTP0JUleZRp1v2t7Xfr51q89GxOigDNXuQc8g&s=5&u=https%3a%2f%2fcabforum%2eorg%2fmailman%2flistinfo%2fpolicyreview>
>>>
>>>
>>> ------------------------------------------------------------------------
>>>
>>> This transmission may contain information that is privileged,
>>> confidential, and/or exempt from disclosure under applicable law. If
>>> you are not the intended recipient, you are hereby notified that any
>>> disclosure, copying, distribution, or use of the information
>>> contained herein (including any reliance thereon) is strictly
>>> prohibited. If you received this transmission in error, please
>>> immediately contact the sender and destroy the material in its
>>> entirety, whether in electronic or hard copy format.
>>> _______________________________________________
>>> Policyreview mailing list
>>> Policyreview at cabforum.org <mailto:Policyreview at cabforum.org>
>>> https://cabforum.org/mailman/listinfo/policyreview
>>
>>
>>
>> _______________________________________________
>> Policyreview mailing list
>> Policyreview at cabforum.org
>> https://cabforum.org/mailman/listinfo/policyreview
>
>
>
> _______________________________________________
> Policyreview mailing list
> Policyreview at cabforum.org
> https://cabforum.org/mailman/listinfo/policyreview
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cabforum.org/pipermail/policyreview/attachments/20161123/0369db62/attachment-0001.html>
More information about the Policyreview
mailing list