[cabfpub] Ballot 148 - Issuer Field Correction

[Doug Beattie]

Hi Peter,

I agree, section 9.2 of the EV guidelines needs to be updated as well, it’s confusing and inaccurate and will lead to other audit findings which can be avoided.

Doug

From: public-bounces at cabforum.org [mailto:public-bounces at cabforum.org] On Behalf Of Ryan Sleevi
Sent: Tuesday, March 17, 2015 6:58 PM
Cc: public at cabforum.org
Subject: Re: [cabfpub] Ballot 148 - Issuer Field Correction

Forwarding for Peter

On Tue, Mar 17, 2015 at 2:56 PM, Peter Bowen <pzbowen at gmail.com<mailto:pzbowen at gmail.com>> wrote:
On Wed, Mar 11, 2015 at 4:28 PM, Doug Beattie
<doug.beattie at globalsign.com<mailto:doug.beattie at globalsign.com>> wrote:
> Ballot 148 - Issuer Field Correction
>
> The issuer field language in Section 9.1 of the Baseline Requirements
> confuses two issues:
>
> 1) the contents of the issuer field in an end entity cert and
>
> 2) how to name root and intermediate CA certificates.

Maybe worth an independent discussion, but the EV Guidelines also
claim to cover subordinate CA naming in section 9.2:

"Subject to the requirements of these Guidelines, [...] certificates
issued to Subordinate CAs that are not controlled by the same entity
as the CA MUST include the following information about the Subject
organization in the fields listed"

The Subordinate CA definition is "A Certification Authority whose
Certificate is signed by the Root CA, or another Subordinate CA."

Looking at the Pilot CT log, there are zero CAs who have a
businessCategory attribute in their name, yet businessCategory is a
required attribute in section 9.2.

Was 9.2 really intended to apply to Subordinate CAs?  Is this just
another thing waiting for an auditor to call out and start issuing
qualifications?

Thanks,
Peter

-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://cabforum.org/pipermail/public/attachments/20150319/d4b73936/attachment-0001.html