[cabfpub] SAN private extensions pursuant specific SSL/EV Spanish ruled profile

Chema Lopez clopez at firmaprofesional.com
Mon Jul 11 03:09:39 MST 2016


These certificates are only intended to "secure" Public Administrations
website (SSL) in Spain. But if we (Spanish TSPs) are not be able to get de
BR seal, how is it supposed to have a secure connection without warnings
when Public Administrations use this certificates?

Thanks in advance,






*Chema López GonzálezDirector Área de Innovación, Cumplimiento y
TecnologíaAC Firmaprofesional S.A.*


Av. Torre Blanca, 57.
Edificio ESADECREAPOLIS - 1B13

08173 Sant Cugat del Vallès. Barcelona.
Tel: 93.477.42.45 / 666.429.224

El contenido de este mensaje y de sus anexos es confidencial. Si no es el
destinatario, le hacemos saber que está prohibido utilizarlo, divulgarlo
y/o copiarlo sin tener la autorización correspondiente. Si ha recibido este
mensaje por error, le agradeceríamos que lo haga saber inmediatamente al
remitente y que proceda a destruir el mensaje.

On 7 July 2016 at 16:49, Moudrick M. Dadashov <md at ssc.lt> wrote:

> Thanks, Chema, that also means that those certificates have limited usage
> context (see ETSI certificate profile standards).
>
> But even in that case its unfortunate that EU CAs have to maintain both
> (ETSI and CAB Forum) certificate profile specifications.
>
> Thanks,
>
> M.D.
>
> On 7/7/2016 9:45 AM, Chema Lopez wrote:
>
> Yes, they remain valid. There is not legal constrain regarding this July
> 1st to remain valid.
>
>
>
>
>
>
>
> *Chema López González Director Área de Innovación, Cumplimiento y
> Tecnología AC Firmaprofesional S.A. *
>
>
> Av. Torre Blanca, 57.
> Edificio ESADECREAPOLIS - 1B13
> 08173 Sant Cugat del Vallès. Barcelona.
> Tel: 93.477.42.45 / 666.429.224
>
> El contenido de este mensaje y de sus anexos es confidencial. Si no es el
> destinatario, le hacemos saber que está prohibido utilizarlo, divulgarlo
> y/o copiarlo sin tener la autorización correspondiente. Si ha recibido este
> mensaje por error, le agradeceríamos que lo haga saber inmediatamente al
> remitente y que proceda a destruir el mensaje.
>
> On 7 July 2016 at 02:06, Moudrick M. Dadashov <md at ssc.lt> wrote:
>
>> Are those certificates remain valid after the July 1st?
>>
>> Thanks,
>>
>> M.D.
>>
>> On 7/6/2016 11:55 PM, Dean Coclin wrote:
>>
>> I recall  there being some discussion on another list about this (perhaps
>> Mozilla) and maybe others that follow that could comment.
>>
>>
>>
>> If you want to bring this up on the CABF call, please let me know.
>> Unfortunately this week’s agenda is full but we could schedule it for 2
>> weeks from now.
>>
>>
>> Thanks
>> Dean
>>
>>
>>
>> *From:* <public-bounces at cabforum.org>public-bounces at cabforum.org [
>> mailto:public-bounces at cabforum.org <public-bounces at cabforum.org>] *On
>> Behalf Of *Chema Lopez
>> *Sent:* Wednesday, June 29, 2016 1:34 PM
>> *To:* public at cabforum.org
>> *Subject:* [cabfpub] SAN private extensions pursuant specific SSL/EV
>> Spanish ruled profile
>>
>>
>>
>> Dear all.
>>
>>
>>
>> There was a law in Spain that regulates the profile for some specific
>> certificates, i.e.:
>>
>>    1. Civil Servant or Public Employee (natural person certificate)
>>    2. Electronic Seal for Automated Administrative Action
>>    3. Electronic Office Certificate (SSL or EV for Public
>>    Administrations)
>>
>> You can find the profiles attached (unfortunately only in Spanish).
>>
>>
>>
>> The problem is that these profiles required private extensions in the
>> SAN, and this conflicts BR and EV Guidelines. At least, crt.sh shows this
>> extensions as an error. See the private extensions below.
>>
>> [image: Inline images 1]
>>
>>
>>
>> This law has been repealed recently and the new one does not require this
>> extensions but, how do we, Spanish TSP, handle the SSL and EV certificates
>> issued following the previous law? In my opinion, an exception needs to be
>> added.
>>
>>
>>
>> Thanks in advance for your comments.
>>
>>
>>
>> Best regards,
>>
>>
>>
>> *Chema López González Director Área de Innovación, Cumplimiento y
>> Tecnología AC Firmaprofesional S.A.*
>>
>>
>> Av. Torre Blanca, 57.
>> Edificio ESADECREAPOLIS - 1B13
>>
>> 08173 Sant Cugat del Vallès. Barcelona.
>>
>> Tel: 93.477.42.45 / 666.429.224
>>
>>
>>
>> El contenido de este mensaje y de sus anexos es confidencial. Si no es el
>> destinatario, le hacemos saber que está prohibido utilizarlo, divulgarlo
>> y/o copiarlo sin tener la autorización correspondiente. Si ha recibido este
>> mensaje por error, le agradeceríamos que lo haga saber inmediatamente al
>> remitente y que proceda a destruir el mensaje.
>>
>>
>> _______________________________________________
>> Public mailing listPublic at cabforum.orghttps://cabforum.org/mailman/listinfo/public
>>
>>
>>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://cabforum.org/pipermail/public/attachments/20160711/d2873a33/attachment-0001.html 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: image/png
Size: 45711 bytes
Desc: not available
Url : https://cabforum.org/pipermail/public/attachments/20160711/d2873a33/attachment-0001.png 


More information about the Public mailing list