[cabfpub] Misissuance of certificates
jeremy.rowley at digicert.com
Mon Jan 18 17:44:40 UTC 2016
Are you sure about this? I don't think that's clear (and is one of the
reasons I've been trying to change the scope of the doc).
From 1.1: "These Requirements only address Certificates intended to be used
for authenticating servers accessible through the Internet."
If they aren't intended for authenticating servers accessible through the
Internet, the BRs don't apply (except where this is broadened by the Trust
Store Operator's policy).
From: public-bounces at cabforum.org [mailto:public-bounces at cabforum.org] On
Behalf Of Sigbjørn Vik
Sent: Monday, January 18, 2016 4:59 AM
To: public at cabforum.org
Subject: Re: [cabfpub] Misissuance of certificates
On 15-Jan-16 20:01, Eneli Kirme wrote:
> Hi again,
> We would like to clarify a bit about scope vs compliance. Can it be,
> 1) Under root participating in root programs there's a subordinate
> that issues certificates which are out of scope of BR-s (i.e. not
> intended for public web server authentication)?
No. The current understanding of the scope is all certificates chaining to a
root embedded in public browsers. A CA can choose itself which roots are in
scope, but not individual certificates.