[cabfpub] Ballot 108: Clarifying the scope of the baseline requirements

Ryan Sleevi sleevi at google.com
Mon Jul 29 05:51:51 MST 2013


For what it's worth, there's still a bit of ambiguity with respect to
cross-signing, but I'm not sure of the ideal language to propose to
address this.

My modified language said "any subordinate CA certificates signed by
one of these root certificates" - but if multiple versions of a
subject/public key combination exist (cross-signing, special purpose
certs/roots from the same key), a 'creative' party might try to argue
it's out of scope of the BRs - even though the expectation is very
much that it (and the associated private key) are in scope.

If anyone has any suggested wording improvements there, I'm sure it
could really make this point clear. We've certainly seen questions
regarding this sort of thing arise with the 'non-SSL issuance'
questions, so it would be good to have something unambiguous in the
BRs.

On Mon, Jul 29, 2013 at 5:19 AM, Jeremy Rowley
<jeremy.rowley at digicert.com> wrote:
> I'm using Ryan's language, without the original first sentence.
>
> -----Original Message-----
> From: public-bounces at cabforum.org [mailto:public-bounces at cabforum.org] On
> Behalf Of Robin Alden
> Sent: Monday, July 29, 2013 3:22 AM
> To: 'Gervase Markham'; jeremy.rowley at digicert.com
> Cc: 'CABFPub'
> Subject: Re: [cabfpub] Ballot 108: Clarifying the scope of the baseline
> requirements
>
> I agree.
>
> Ambiguity arises in the original first sentence because Client certificates
> can also be part of TLS/SSL handshakes.
>
> Robin
>
>> -----Original Message-----
>> From: public-bounces at cabforum.org [mailto:public-
>> bounces at cabforum.org] On Behalf Of Gervase Markham
>> Sent: 29 July 2013 09:37
>> To: jeremy.rowley at digicert.com
>> Cc: 'CABFPub'
>> Subject: Re: [cabfpub] Ballot 108: Clarifying the scope of the baseline
>> requirements
>>
>> On 26/07/13 21:05, Jeremy Rowley wrote:
>> > Sounds good.  I'll circulate a formal ballot with Ryan's modifications.
>>
>> Ryan's version didn't include the first sentence from your version; was
>> that intentional? I hope so, because that also seemed ambiguous to me,
>> and Ryan's version seems to cover everything. So let's continue to omit
>> that sentence.
>>
>> Gerv
>> _______________________________________________
>> Public mailing list
>> Public at cabforum.org
>> https://cabforum.org/mailman/listinfo/public