[cabfpub] Private key control

Rick Andrews Rick_Andrews at symantec.com
Thu Oct 23 11:46:19 MST 2014


Jeremy,

How about "The CA MAY verify this association by obtaining a CSR from the Applicant and validating the signature on the CSR."

-Rick

From: public-bounces at cabforum.org [mailto:public-bounces at cabforum.org] On Behalf Of Jeremy Rowley
Sent: Wednesday, October 22, 2014 6:57 PM
To: CABFPub
Subject: [cabfpub] Private key control

During the Code Signing BR discussion a few weeks ago, we noticed that the Baseline Requirements lack a definitive requirement for the CA to confirm that the Application is properly associated with the Public Key being included in the certificate. We'd like to remedy this oversight. What does everyone think about adding a section similar to the following to the BRs?
Section 11.1.5    Verification of Key Pair Association
Prior to issuing a Certificate, the CA MUST verify that the Applicant's Private Key is properly associated with the Public Key and a subject name to be included in the Certificate. The CA MAY verify this association by obtaining a CSR from the Applicant.

Jeremy
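
The check that Rick's wording adds, as an example that is not part of the thread: validating a CSR's signature with the OpenSSL command line, and showing that a request whose subject is changed after signing no longer verifies. The function names, the `applicant.example` and `other-org.example` names, and the throwaway key are constructed for illustration.

```shell
#!/bin/sh
# A PKCS#10 CSR carries a signature, made with the Applicant's private key,
# over the subject name and public key inside the request.

# Succeeds only if the CSR's signature verifies against the public key it
# contains. The output is matched instead of the exit status because some
# OpenSSL releases exit 0 from "req -verify" even when the signature is bad.
csr_signature_ok() {
    openssl req -in "$1" -inform "${2:-PEM}" -verify -noout 2>&1 |
        grep -q "verify OK"
}

# Builds a constructed sample CSR, then a copy whose subject was changed
# after signing, and reports how each one fares.
demo() {
    dir=$(mktemp -d) || return 2
    openssl req -new -newkey rsa:2048 -nodes -keyout "$dir/key.pem" \
        -subj "/CN=applicant.example" -out "$dir/csr.pem" 2>/dev/null || return 2

    if csr_signature_ok "$dir/csr.pem"; then intact=accept; else intact=reject; fi

    # Same-length substitution in the DER encoding keeps the structure
    # parseable, so only the signature check can catch the change.
    openssl req -in "$dir/csr.pem" -outform DER -out "$dir/csr.der"
    LC_ALL=C sed 's/applicant\.example/other-org.example/' \
        "$dir/csr.der" > "$dir/altered.der"

    if csr_signature_ok "$dir/altered.der" DER; then altered=accept; else altered=reject; fi

    rm -rf "$dir"
    echo "intact:$intact altered:$altered"
}

demo
```

Receiving a CSR without running this check shows only that someone assembled a request containing the public key; the signature is what ties the request to the holder of the private key.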