[cabfpub] Updated CABF Document

[Rick Andrews]

CABF,

At the Gjovik meeting, Tim suggested that I update the "Guidance to Application Developers" doc at http://www.cabforum.org/Guidelines_for_the_processing_of_EV_certificates%20v1_0.pdf. I've completed a redlined draft, attached.

Several comments:
-       I changed the word "guidelines" to "requirements" in several places, for these reasons:
o       The document had a mix of both words; it already said "requirements" in many places
o       It's been over five years since we started issuing EV certs; that should be enough time for all browsers and other clients to comply
-       I updated/added text as needed to fill out what I believe to be the checks needed in order to grant "the EV treatment" (note that these were based on what I recall from working with folks at Microsoft; I don't know if all browsers do these):
o       Successful PKIX path validation, including policy extension checks (RFC 5280)
o       All certs in the chain are valid (also mandated by RFC 5280)
o       EV OID associated with the CSP is found in the EV certificate
-       Limited the document to EV SSL, not EV Code Signing

I'd like to hear comments before I try to get this accepted by a ballot. Thanks,

-Rick



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/public/attachments/20120724/ef8195b6/attachment-0003.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Requirements for the processing of EV SSL certificates.docx
Type: application/vnd.openxmlformats-officedocument.wordprocessingml.document
Size: 33982 bytes
Desc: Requirements for the processing of EV SSL	certificates.docx
URL: <http://lists.cabforum.org/pipermail/public/attachments/20120724/ef8195b6/attachment-0001.docx>