[cabfpub] Ballot 148 - Issuer Field Correction
doug.beattie at globalsign.com
Thu Mar 19 08:19:53 MST 2015
I agree, section 9.2 of the EV guidelines needs to be updated as well, it’s confusing and inaccurate and will lead to other audit findings which can be avoided.
From: public-bounces at cabforum.org [mailto:public-bounces at cabforum.org] On Behalf Of Ryan Sleevi
Sent: Tuesday, March 17, 2015 6:58 PM
Cc: public at cabforum.org
Subject: Re: [cabfpub] Ballot 148 - Issuer Field Correction
Forwarding for Peter
On Tue, Mar 17, 2015 at 2:56 PM, Peter Bowen <pzbowen at gmail.com<mailto:pzbowen at gmail.com>> wrote:
On Wed, Mar 11, 2015 at 4:28 PM, Doug Beattie
<doug.beattie at globalsign.com<mailto:doug.beattie at globalsign.com>> wrote:
> Ballot 148 - Issuer Field Correction
> The issuer field language in Section 9.1 of the Baseline Requirements
> confuses two issues:
> 1) the contents of the issuer field in an end entity cert and
> 2) how to name root and intermediate CA certificates.
Maybe worth an independent discussion, but the EV Guidelines also
claim to cover subordinate CA naming in section 9.2:
"Subject to the requirements of these Guidelines, [...] certificates
issued to Subordinate CAs that are not controlled by the same entity
as the CA MUST include the following information about the Subject
organization in the fields listed"
The Subordinate CA definition is "A Certification Authority whose
Certificate is signed by the Root CA, or another Subordinate CA."
Looking at the Pilot CT log, there are zero CAs who have a
businessCategory attribute in their name, yet businessCategory is a
required attribute in section 9.2.
Was 9.2 really intended to apply to Subordinate CAs? Is this just
another thing waiting for an auditor to call out and start issuing
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Public