[cabfpub] EV Guidelines §14.2 delegation of functions to RAs etc.
Ryan Sleevi
sleevi at google.com
Thu Aug 4 14:24:32 MST 2016
You're saying the original certificate is xxx.example, and the new
certificate is for xxx.example and yyy.example?
No, it would not be appropriate, because yyy.example was not "contained
within the domain of the original EV certificate"
On Thu, Aug 4, 2016 at 6:19 AM, Adriano Santoni <
adriano.santoni at staff.aruba.it> wrote:
> All,
>
> I have a doubt regarding §14.2 of EV guidelines, and particularly §14.2.2
> (Enterprise RAs) that reads:
> "The CA MAY contractually authorize the Subject of a specified Valid EV
> Certificate to perform the RA function and authorize the CA to issue
> additional EV Certificates at third and higher domain levels that are
> contained within the domain of the original EV Certificate (also known as
> an Enterprise EV Certificate). In such case, the Subject SHALL be considered
> an Enterprise RA, and the following requirements SHALL apply: ..."
>
> Now, let's assume that a certain company owns/controls two or more
> domains, say xxx.com and yyy.net, and that the "original EV Certificate"
> (quoted from above) was issued by the CA for any one of those domains (say
> xxx.com): under these conditions, would it be okay to authorize that
> company to act as an Enterprise RA for the remaining 2nd-level domains
> that it owns/controls ?
> Based on §14.2.2, it seems not.
>
> Adriano
>
>
> _______________________________________________
> Public mailing list
> Public at cabforum.org
> https://cabforum.org/mailman/listinfo/public
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://cabforum.org/pipermail/public/attachments/20160804/513ec3e0/attachment.html
More information about the Public
mailing list