[cabfpub] Name Constraints, Auditing and EKU

Steve Roylance steve.roylance at globalsign.com
Wed Mar 27 06:49:55 MST 2013 

Dear all,

(Thanks Ben Wilson for helping me remove the minor mistakes in my initial
draft)

Please see the attached (Word and PDF versions) as a suggested update to the
BRs to address the gaps we saw when viewing the guidelines with multiple
parties over the last couple of months.

My 10,000 ft view (Which I hope is expressed clearly by the changes
proposed) 
1.  All CAs are Audited or Technically constrained  (as Mozilla's Rev 2.1
Policy now States so in reality it's applicable to everyone already)
2. There's no ability to opt out as BRs as they apply to all Roots and
Subordinate CAs whether or not they are owned/run by the root authority or
another Subordinate Authority lower down the chain.  i.e. no gaps as it's
the weak points that will hurt the industry.
3. The only exception in section 17 is that Technically constrained or not,
the quarterly self audits should be done as that checks compliance to the
other areas.
Note that I added the section on SubCA subject naming as although it could
be inferred from the issuer logic that section seemed to be more focused on
Roots.

I'm looking for a couple of volunteers to whip this into shape.  Any takers?

Steve


-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://cabforum.org/pipermail/public/attachments/20130327/f891bfd1/attachment-0001.html 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: BRv.1.1.4 - Amendments for Name Constraints and	Auditing.docx
Type: application/vnd.openxmlformats-officedocument.wordprocessingml.document
Size: 262531 bytes
Desc: not available
Url : https://cabforum.org/pipermail/public/attachments/20130327/f891bfd1/attachment-0001.bin 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: BRv.1.1.4 - Amendments for Name Constraints and Auditing.pdf
Type: application/pdf
Size: 1090793 bytes
Desc: not available
Url : https://cabforum.org/pipermail/public/attachments/20130327/f891bfd1/attachment-0001.pdf

More information about the Public mailing list