[cabfpub] Certificate OID policy and new intermediate Certificate mode
张翼
zhangyi at cfca.com.cn
Mon Jul 20 01:10:26 MST 2015
These are samples of the end-entity certificates OIDs
OV 2.23.140.1.2.2
EV 2.23.140.1.1
EV CodeSign 2.23.140.1.3
Non-EV Code Signing 2.23.140.1.4
Jody from Microsoft mentioned:
Microsoft does not require CAs to separate out intermediates by OID type;
instead, the intent of this requirement is to simply require CAs to
standardize OIDs on the end-entity certificate.
so, in this case, is it possible that one EV root Certificate have one
intermediate Certificate.
And this root system have 4 audit:
Webtrust 2.0
BR
EV
EV codesign
The intermediates Certificate can issue:
1, OV SSL Certificate
2, OV CodeSign Certificate
3, EV SSL Certificate
4, EV CodeSign Certificate
if this is allowed, will Mozilla, Google and Apple accept this kind of root
certificate inclusion request?
if not, is there any policy against it?
(Microsoft use to forbid this kind of root/intermediates Certificate , but
now the restriction is removed)
if not, is it possible to make 1 intermediate Certificate for EV, 1 for OV?
Zhang Yi
Business Research Competent
China Financial Certification Authority
Business Department
Address: Bldg. 2, #20, 14th Kechuang street, YiZhuang
Economic-Technological Development Zone,Daxing District,Beijing , P. R.
China
Postcode: 100176
TEL: +86 010-58903555
Mobile: +86 18510280028
Email: <mailto:zhangyi at cfca.com.cn> zhangyi at cfca.com.cn
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://cabforum.org/pipermail/public/attachments/20150720/195942f3/attachment.html
More information about the Public
mailing list