[cabfpub] Urgent: BR Exceptions for Subordinate CA Certificates
Rick Andrews
Rick_Andrews at symantec.com
Thu Oct 31 13:22:34 MST 2013
> 2) As a fallback to option 1, reissue an identical cross-signed
> certificate with a later expiration date. This would mean no name
> constraints - i.e. a temporary dispensation from the BRs. Mozilla is
> not
> requiring technical constraint until May 15th, 2014, so we propose that
> expiry date. This time frame will allow for further careful discussion
> of long-term solutions.
Kathleen, can you clarify the statement above about temporary dispensation? Neither the BRs nor Mozilla's policy requires Name Constraints. Constraints are required only when the issuing CA isn't audited. So if they can't use Name Constraints, can they submit to an audit?
-Rick
More information about the Public
mailing list