[cabfpub] Intermediate certificate names

Jeremy Rowley jeremy.rowley at digicert.com
Tue Mar 10 10:00:41 MST 2015

From Peter Bowen at Amazon:

How do you define "the real CA"?
Is it the company that manages the CPS, writes the management assertion, and is identified in the auditor's opinion letter?
Or is it the company who employs people to perform validation, create and sign certificates, and respond to status requests?


From: Eddy Nigg [mailto:eddy_nigg at startcom.org]
Sent: Tuesday, March 10, 2015 10:56 AM
To: Geoff Keating; Jeremy Rowley
Subject: Re: [cabfpub] Intermediate certificate names

On 03/10/2015 08:31 AM, Geoff Keating wrote:
> Perhaps you could make the common name something like "DigiCert issuing for Customer Name, Inc." or similar?

I don't think this is a good idea - I believe the organization name should correctly identify the company to whom the certificate was issued.

When we issue a certificate to an end-user we correctly identify that entity (in the verified settings). If we issue an intermediate CA to an external entity why should this be any different? We should identify the entity we validated and for whom we issued the intermediate CA certificate (even if that entity doesn't control the private key, e.g. a managed and controlled solution by the parent CA).


Eddy Nigg, COO/CTO

StartCom Ltd.<http://www.startcom.org>