[cabfpub] [cabfman] Ballot 92 - Subject Alternative Names

Jeremy Rowley jeremy.rowley at digicert.com
Fri Nov 16 23:06:54 UTC 2012

The language in Section 9.2.1 permits MDCs containing separate registered domains if the owner of the registered domains are the same.  In that case, the owner of the domain doesn’t need to be listed in the certificate.  


For example, if digicert.com and example.com are both owned by DigiCert, then subject information is not required because relying parties can readily identify a single entity as controlling the private keys for all of the listed domains.




From: management-bounces at cabforum.org [mailto:management-bounces at cabforum.org] On Behalf Of Eddy Nigg (StartCom Ltd.)
Sent: Friday, November 16, 2012 3:52 PM
To: public at cabforum.org
Cc: 'CABForum Management'
Subject: Re: [cabfman] [cabfpub] Ballot 92 - Subject Alternative Names


On 11/16/2012 07:42 PM, From Jeremy Rowley: 

I would say the intent is to ensure that there is a legitimate party behind each certificate and reduce the risks associated with what we consider a high risk practice (as shown in the example I previously provided).  OV is not required if the owner of the domain names listed in the certificate is the same.

I've just come across your reply here and probably the last sentence doesn't make any sense.

If the owner of the domain names is listed in the certificate, it's probably and IV or OV certificate. So it's there already... :S




Eddy Nigg, COO/CTO


StartCom Ltd. <http://www.startcom.org> 


startcom at startcom.org


Join the Revolution! <http://blog.startcom.org> 


Follow Me <http://twitter.com/eddy_nigg> 



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/public/attachments/20121116/b7fbb3a5/attachment-0004.html>

More information about the Public mailing list