[cabfpub] Urgent: BR Exceptions for Subordinate CA Certificates

Eddy Nigg (StartCom Ltd.) eddy_nigg at startcom.org
Thu Oct 31 20:59:42 UTC 2013

On 10/31/2013 09:35 PM, From Kathleen Wilson:
> These are the issues in play:
> * BR 9.1.3 says that the Issuer Organization Name (O) field must not
> contain a generic designation. The BIT legacy roots have the DN
> "o=admin,c=CH". However, Swiss law apparently reserves this particular
> string as a 'brand' to BIT. And, of course, this root was created long
> before the BRs were thought of.

Kathleen, if you recall at the time of the (initial) root inclusion 
request regarding this root at Mozilla we had exactly the very same 
issue and with an eye on exactly those types of names the BR does NOT 
allow such names. This was also discussed at that time and I would 
object (on our part should this come up for vote) to an exception for 
these kinds of names. Exactly for this the BR was created to get rid of 
such practices.

Signer: 	Eddy Nigg, COO/CTO
	StartCom Ltd. <http://www.startcom.org>
XMPP: 	startcom at startcom.org <xmpp:startcom at startcom.org>
Blog: 	Join the Revolution! <http://blog.startcom.org>
Twitter: 	Follow Me <http://twitter.com/eddy_nigg>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/public/attachments/20131031/da20fd81/attachment-0003.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4540 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.cabforum.org/pipermail/public/attachments/20131031/da20fd81/attachment-0001.p7s>

More information about the Public mailing list