[cabfcert_policy] 3 approached to br 6.1.1.1

Richard Smith rich at comodoca.com
Thu Jun 14 12:27:37 MST 2018 

See attached PDF with 3 different redlined approaches.  

 

First Approach: Replace CA (Organization) with TSP so that CA refers ONLY to
certificates.

Second Approach:  Keep existing definition of Certification Authority as an
Organization and just clarify usage of CA to make it clear which refers to
the Organization and which refers to the certificate.

Third Approach: Add definition for TSP, change but keep definition of
Certification Authority.

 

The one approach I didn't fully take in the doc because I wanted to leave
the existing wording mostly intact is to modify this:

 

From:

(ii) Key Pairs generated for a subordinate CA that is not the operator of
the Root CA or an Affiliate of the Root CA

 

To:

(ii) Key Pairs which will not be operated by the CA or its affiliates

 

6.1.1.1 is pretty badly worded even now, so I'm not sure it's the best
example to use as a demonstration, but it definitely contains some inherent
complexity that will need to be handled in any case.

 

I still think the best approach is to get rid of Certification Authority/CA
as a referring to the organization and go entirely with TSP.  We should sit
down with those who expressed the strongest objections to that and figure
out if we can address their concerns and sell it.  If we can't sell it then
IMO we should abandon this initiative and leave the BRs as they are.  I
think introducing the TSP term to talk about the organization while keeping
the (modified) definition of Certification Authority/CA to also talk about
an organization will only add more confusion.

 

Regards,

Rich Smith

Senior Compliance Manager

ComodoCA.com

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cabforum.org/pipermail/policyreview/attachments/20180614/ee3e2b40/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: BR 6.1.1.1.pdf
Type: application/pdf
Size: 375388 bytes
Desc: not available
URL: <http://cabforum.org/pipermail/policyreview/attachments/20180614/ee3e2b40/attachment-0001.pdf>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 5705 bytes
Desc: not available
URL: <http://cabforum.org/pipermail/policyreview/attachments/20180614/ee3e2b40/attachment-0001.p7s>

More information about the Policyreview mailing list