[cabfpub] Intermediate certificate names

Eddy Nigg eddy_nigg at startcom.org
Tue Mar 10 16:56:18 UTC 2015


On 03/10/2015 08:31 AM, Geoff Keating wrote:
> Perhaps you could make the common name something like "DigiCert 
> issuing for Customer Name, Inc." or similar?

I don't think this is a good idea - I believe the organization name 
should correctly identify the company to whom the certificate was issued.

When we issue a certificate to an end-user we correctly identify that 
entity (in the verified settings). If we issue an intermediate CA to an 
external entity why should this be any different? We should identify the 
entity we validated and for whom we issued the intermediate CA 
certificate (even if that entity doesn't control the private key, e.g. a 
manged and controlled solution by the parent CA).

-- 
Regards
Signer: 	Eddy Nigg, COO/CTO
	StartCom Ltd. <http://www.startcom.org>
XMPP: 	startcom at startcom.org <xmpp:startcom at startcom.org>
Blog: 	Join the Revolution! <http://blog.startcom.org>
Twitter: 	Follow Me <http://twitter.com/eddy_nigg>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/public/attachments/20150310/60c56983/attachment-0003.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4313 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.cabforum.org/pipermail/public/attachments/20150310/60c56983/attachment-0001.p7s>


More information about the Public mailing list