[cabfpub] Proposed addition to BRs allowing issuance of <2048

Eddy Nigg (StartCom Ltd.) eddy_nigg at startcom.org
Thu Jun 13 19:38:20 UTC 2013


On 06/13/2013 09:22 PM, From Rick Andrews:
> In the future, we will attempt to move non-browser applications like this to non-browser roots, but for now they are very much intertwined.  It was agreed that I would draft a ballot to add an exception to the BRs for this purpose, just as we have an exception in the BRs to allow issuance from the root. That exception, I might add, is predominantly for non-web pki applications, because all modern browsers can handle chained certs.

I would consider to include a requirement that such certificates must 
not be accessible publicly through the HTTPS protocol. This might 
require proactive action by the CA, something which might also help 
reduce reliance on such an exception.

Regards
Signer: 	Eddy Nigg, COO/CTO
	StartCom Ltd. <http://www.startcom.org>
XMPP: 	startcom at startcom.org <xmpp:startcom at startcom.org>
Blog: 	Join the Revolution! <http://blog.startcom.org>
Twitter: 	Follow Me <http://twitter.com/eddy_nigg>


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/public/attachments/20130613/d4d612bd/attachment-0003.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4540 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.cabforum.org/pipermail/public/attachments/20130613/d4d612bd/attachment-0001.p7s>


More information about the Public mailing list