[cabfpub] EV Code Signing fixes

i-barreira at izenpe.net i-barreira at izenpe.net
Wed Feb 19 10:04:49 MST 2014


I will endorse it

 

 

Iñigo Barreira
Head of the Technical Area
i-barreira at izenpe.net

945067705

 

 


 

From: public-bounces at cabforum.org [mailto:public-bounces at cabforum.org] On behalf of Jeremy Rowley
Sent: Wednesday, 19 February 2014 8:53
To: CABFPub
Subject: [cabfpub] EV Code Signing fixes

 

There are two issues with the EV code signing guidelines that need correction:

 

1.  Section 9.2.2 of the EV code signing guidelines recommends that CAs not include the SAN extension in an EV certificate.  However, section 9.7 requires that an EV certificate include subjectAltName:permanentIdentifier. Because the main concern is a CA including domain names in the SAN extension, we should specify that this practice is not allowed and recognize that other information may be present.

 

2.  Section 9.2.3 of the EV code signing guidelines deprecates the CN field.  The code signing working group received a report that this field is still required by code signing applications. We should still include the CN in code signing certificates even if the field is deprecated for SSL certificates.  

 

I am looking for endorsers for (or suggestions on) the following proposal:

 

a.       Replace section 9.2.2 with the following: 

"9.2.2    Subject Alternative Name Extension

This field MUST be present and MUST contain the permanentIdentifier specified in Section 9.7. This field MUST NOT contain a Domain Name or IP Address."

 

b.      Amend section 9.2.3 as follows:

"9.2.2    Subject Common Name Field

Certificate field: subject:commonName (OID 2.5.4.3)

Required/Optional: Required

Contents: This field MUST contain the Subject's legal name as verified under Section 11.2. "

 

Thanks!

Jeremy

 
