[cabfpub] F2F Topic details: What should be represented in the "O" field?

Dean Coclin Dean_Coclin at symantec.com
Thu Feb 4 22:26:22 UTC 2016

As requested on today's call, please publish ahead of time any background
reading material for a topic which has your name next to it.


On Day 2 the subject topic is scheduled. Here is some background:


At the last F2F meeting we discussed what should go in the certificate "O"
field and what the definition of "applicant" should be. Ryan succinctly
summarized it and I transformed into the following example:


Who can request a cert for dean.example.com:


1.	Dean Coclin, author of the content and logical operator of the
dean.example.com origin
2.	Example.com, provider of hosting services for Dean Coclin
3.	CDN Corp, a CDN that provides SSL/TLS front-end services for
example.com, which does not offer them directly
4.	Marketing Inc, the firm responsible for designing and maintaining
the website on behalf of Dean Coclin
5.	Payments LLC, the payment processing firm responsible for handling
orders and financial details on dean.example.com
6.	DNS Org, the company who operates the DNS services on behalf of Dean
7.	Mail Corp, the organization who handles the MX records that
dean.example.com responds to


At the last meeting, there was a debate between some who thought it should
be #1 and those that thought it should be whoever holds the private key. 


My position (and those of some others at the meeting) is that it should be
#1. The rationale is that this is what is of interest to relying parties. I
don't believe relying parties care who holds the private key nor who the
site's payment processor  or DNS operator are.  Relying parties want to know
who is responsible for the site content and, in case of problems, who they
should contact. 


I would like to open and continue a discussion of this topic (at the
meeting, not here)so that we can try and come to some consensus on this
issue. Of course, if you have a viewpoint that you'd like to elaborate ahead
of time, please feel free to do so.





-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/public/attachments/20160204/706478aa/attachment-0002.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 5747 bytes
Desc: not available
URL: <http://lists.cabforum.org/pipermail/public/attachments/20160204/706478aa/attachment.p7s>

More information about the Public mailing list