[cabfpub] Intermediate certificate names
Eddy Nigg
eddy_nigg at startcom.org
Tue Mar 10 16:56:18 UTC 2015
On 03/10/2015 08:31 AM, Geoff Keating wrote:
> Perhaps you could make the common name something like "DigiCert
> issuing for Customer Name, Inc." or similar?
I don't think this is a good idea - I believe the organization name
should correctly identify the company to whom the certificate was issued.
When we issue a certificate to an end-user we correctly identify that
entity (in the verified settings). If we issue an intermediate CA to an
external entity why should this be any different? We should identify the
entity we validated and for whom we issued the intermediate CA
certificate (even if that entity doesn't control the private key, e.g. a
manged and controlled solution by the parent CA).
--
Regards
Signer: Eddy Nigg, COO/CTO
StartCom Ltd. <http://www.startcom.org>
XMPP: startcom at startcom.org <xmpp:startcom at startcom.org>
Blog: Join the Revolution! <http://blog.startcom.org>
Twitter: Follow Me <http://twitter.com/eddy_nigg>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/public/attachments/20150310/60c56983/attachment-0003.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4313 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.cabforum.org/pipermail/public/attachments/20150310/60c56983/attachment-0001.p7s>
More information about the Public
mailing list