[cabfcert_policy] CA vs. CAO

Tim Hollebeek THollebeek at trustwave.com
Wed Nov 23 08:19:09 MST 2016 

Right.  That’s another argument against using TSP.  A TSP need not even be a CA, as they need not issue certificates.  I’m pretty sure many of the usages of CA in the BRs would be impossible to interpret or even nonsensical for an organization that doesn’t issue certificates.

Such an organization is not in scope for the BRs, of course, but it shows why using a looser definition could cause significant misunderstandings and doesn’t add any clarity.

-Tim

From: Dimitris Zacharopoulos [mailto:jimmy at it.auth.gr]
Sent: Wednesday, November 23, 2016 7:20 AM
To: Moudrick M. Dadashov; Peter Bowen; Tim Hollebeek
Cc: policyreview at cabforum.org
Subject: Re: [cabfcert_policy] CA vs. CAO

On 23/11/2016 2:04 μμ, Moudrick M. Dadashov via Policyreview wrote:
Hi Peter,

actually the term "Certification service provider" is no longer used and replaced by far more generic “Trust Service Provider”.

Thanks,
M.D.

Right. The "specific meanings" in EU directives are actually quite broad :) Even if you only operate and offer Time Stamping services, you can be considered a TSP. The BRs give more elements to the "CA" term then what it is used in other standards. This creates confusion which IMHO the term "TSP" has resolved. Normally, the "CA" would be a unit limited to exchanging information between other TSP units (for example RAs) and performing/managing all certificate cryptographic operations. That probably requires a separate discussion.

Dimitris.



On 11/22/2016 9:13 PM, Peter Bowen wrote:
+1

It looks like “Certification Service Provider” and “Trust Service Provider” have specific meanings in EU directives and regulations, so I think we should avoid these terms

On Nov 22, 2016, at 7:20 AM, Tim Hollebeek <THollebeek at trustwave.com<mailto:THollebeek at trustwave.com>> wrote:

I agree with this, though I would oppose TSP on the grounds that it introduces a potential for confusion between a European term that has a very specific meaning, and the more generic definition of a CA.

-Tim

From: Policyreview [mailto:policyreview-bounces at cabforum.org] On Behalf Of Dimitris Zacharopoulos
Sent: Monday, November 21, 2016 4:11 PM
To: Ben Wilson; policyreview at cabforum.org<mailto:policyreview at cabforum.org>
Subject: Re: [cabfcert_policy] CA vs. CAO


First of all, sorry I missed the last call. This topic was discussed in previous F2F meetings and on several occasions. I believe that nobody wants to go over changing every document that has the term "CA" and change it to "CAO". If we are to do such a big change, I would vote to use the term "Trust Service Provider - TSP" in order to align with the European model.

The majority of the CAs and auditors have linked the term "CA" with an "organization". That's why it was agreed (on past meetings) that we will not try to change the meaning of the term "CA" to mean anything else but that of an organization. Instead, we would try to use this term consistently (to refer to an organization) and introduce changes to the other instances to mean something else. That would introduce fewer changes in the BRs and EV guidelines.


Dimitris.
On 21/11/2016 10:47 μμ, Ben Wilson wrote:
On our most recent call, Peter Bowen and I again discussed use of “CA” vs. something else.  (Back on May 5th I sent out a proposed “straw poll” to this group, but I don’t think I ever sent it to the public list.)  Peter and I like the term “CA Operator” or abbreviated, “CAO”.  The only downside, which is a big one – I’ll admit, is that  the term “CA” seems to  be used pervasively within the Forum and elsewhere to refer to  the entity that  operates a CA.
Following our last call, I started to do a replacement of CA with CAO to see how it would look/work, but I stopped because there would be many instances to replace and I wanted to get more of a consensus from  this group and potentially the public list.
Thoughts?
Ben





_______________________________________________

Policyreview mailing list

Policyreview at cabforum.org<mailto:Policyreview at cabforum.org>

https://cabforum.org/mailman/listinfo/policyreview<https://scanmail.trustwave.com/?c=4062&d=8Im12JMZ4gIB42sNb8zeAabb6qUkbOxDT_jqvqlXow&s=5&u=https%3a%2f%2fcabforum%2eorg%2fmailman%2flistinfo%2fpolicyreview>


________________________________

This transmission may contain information that is privileged, confidential, and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is strictly prohibited. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format.
_______________________________________________
Policyreview mailing list
Policyreview at cabforum.org<mailto:Policyreview at cabforum.org>
https://cabforum.org/mailman/listinfo/policyreview<https://scanmail.trustwave.com/?c=4062&d=8Im12JMZ4gIB42sNb8zeAabb6qUkbOxDT_jqvqlXow&s=5&u=https%3a%2f%2fcabforum%2eorg%2fmailman%2flistinfo%2fpolicyreview>





_______________________________________________

Policyreview mailing list

Policyreview at cabforum.org<mailto:Policyreview at cabforum.org>

https://cabforum.org/mailman/listinfo/policyreview<https://scanmail.trustwave.com/?c=4062&d=8Im12JMZ4gIB42sNb8zeAabb6qUkbOxDT_jqvqlXow&s=5&u=https%3a%2f%2fcabforum%2eorg%2fmailman%2flistinfo%2fpolicyreview>





_______________________________________________

Policyreview mailing list

Policyreview at cabforum.org<mailto:Policyreview at cabforum.org>

https://cabforum.org/mailman/listinfo/policyreview<https://scanmail.trustwave.com/?c=4062&d=8Im12JMZ4gIB42sNb8zeAabb6qUkbOxDT_jqvqlXow&s=5&u=https%3a%2f%2fcabforum%2eorg%2fmailman%2flistinfo%2fpolicyreview>


________________________________

This transmission may contain information that is privileged, confidential, and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is strictly prohibited. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cabforum.org/pipermail/policyreview/attachments/20161123/34d4d4b2/attachment-0001.html>

More information about the Policyreview mailing list