[cabfpub] Require commonName in Root and Intermediate Certificates ballot draft (2)

Gervase Markham gerv at mozilla.org
Thu Apr 20 16:24:42 UTC 2017

On 20/04/17 17:08, Ryan Sleevi wrote:
> I think your suggested rules perhaps bring more ambiguity than clarity.
> Is it reasonable to suggest the simple position, which is what Jeremy
> was seeking clarification on: That at the time of a certificate's
> issuance, it must be done so in a manner compliant with the "latest
> published version" (as specified in Section 2.2 of the BRs that all CAs
> attest to).

Sure. That's what my rules say too. But how does this apply to actions
which are not part of certificate issuance? This is why I felt a
generalisation of the rule was needed.

Of course, we are only discussing a default - explicit text can override
it in whatever way you like.


More information about the Public mailing list