[cabfpub] BR Issue 7

Yngve N. Pettersen (Developer Opera Software ASA) yngve at opera.com
Tue Nov 6 18:18:51 UTC 2012

On Tue, 06 Nov 2012 19:01:03 +0100, Paul Tiemann  
<paul.tiemann.usenet at gmail.com> wrote:

> +1 to what Rob said.
> We recently were faced with the question of including AIA:caIssuer in a  
> sub CA and decided against it because we couldn't identify any benefit.   
> If a browser client doesn't trust the root that the sub CA came from,  
> it's not likely to change its mind and begin to trust the root just  
> because it can more easily locate the file online.

The benefit is that users will be able to visit all of your customer's  
secure web sites even if the web site administrator forgot to include your  
intermediate CA certificate when they installed their certificate.

Yngve N. Pettersen
Senior Developer		     Email: yngve at opera.com
Opera Software ASA                   http://www.opera.com/
Phone:  +47 96 90 41 51              Fax:    +47 23 69 24 01

More information about the Public mailing list