[cabfpub] [cabfman] Ballot 92 - Subject Alternative Names

Eddy Nigg (StartCom Ltd.) eddy_nigg at startcom.org
Fri Nov 16 23:19:23 UTC 2012

On 11/17/2012 01:06 AM, From Jeremy Rowley:
> The language in Section 9.2.1 permits MDCs containing separate 
> registered domains if the owner of the registered domains are the 
> same.  In that case, the owner of the domain doesn’t need to be listed 
> in the certificate.
> For example, if digicert.com and example.com are both owned by 
> DigiCert, then subject information is not required because relying 
> parties can readily identify a single entity as controlling the 
> private keys for all of the listed domains.

But how do you know that? By looking at the WHOIS records? How should 
the relying party do that?

Shouldn't that owner be verified first in order to rely on it? I mean, I 
can buy some domain in the name of Digicert, shouldn't be too difficult 
I guess.

Signer: 	Eddy Nigg, COO/CTO
	StartCom Ltd. <http://www.startcom.org>
XMPP: 	startcom at startcom.org <xmpp:startcom at startcom.org>
Blog: 	Join the Revolution! <http://blog.startcom.org>
Twitter: 	Follow Me <http://twitter.com/eddy_nigg>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/public/attachments/20121117/5c370615/attachment-0004.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4540 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.cabforum.org/pipermail/public/attachments/20121117/5c370615/attachment-0002.p7s>

More information about the Public mailing list