[cabfpub] Intermediate certificate names
Richard Wang
richard at wosign.com
Tue Mar 10 17:17:06 UTC 2015
+1
Yes, we can treat issuing intermediate certificate same as to end user
certificate that verify the identity and name it in O and CN field.
Richard
From: public-bounces at cabforum.org [mailto:public-bounces at cabforum.org] On
Behalf Of Eddy Nigg
Sent: Tuesday, March 10, 2015 9:56 AM
To: Geoff Keating; Jeremy Rowley
Cc: CABFPub
Subject: Re: [cabfpub] Intermediate certificate names
On 03/10/2015 08:31 AM, Geoff Keating wrote:
Perhaps you could make the common name something like "DigiCert issuing for
Customer Name, Inc." or similar?
I don't think this is a good idea - I believe the organization name should
correctly identify the company to whom the certificate was issued.
When we issue a certificate to an end-user we correctly identify that entity
(in the verified settings). If we issue an intermediate CA to an external
entity why should this be any different? We should identify the entity we
validated and for whom we issued the intermediate CA certificate (even if
that entity doesn't control the private key, e.g. a manged and controlled
solution by the parent CA).
--
Regards
Signer:
Eddy Nigg, COO/CTO
StartCom Ltd. <http://www.startcom.org>
XMPP:
startcom at startcom.org
Blog:
Join the Revolution! <http://blog.startcom.org>
Twitter:
Follow Me <http://twitter.com/eddy_nigg>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/public/attachments/20150310/20384023/attachment-0003.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 5099 bytes
Desc: not available
URL: <http://lists.cabforum.org/pipermail/public/attachments/20150310/20384023/attachment-0001.p7s>
More information about the Public
mailing list