[cabfpub] Ballot 199 - Require commonName in Root and Intermediate Certificates

Gervase Markham gerv at mozilla.org
Thu Apr 27 16:28:43 UTC 2017


Following discussion on the call today, there is a minor edit to this
ballot:

On 25/04/17 16:03, Gervase Markham wrote:
> 7.1.4.3.1 Subject Distinguished Name Fields
> 
> Certificate Field: subject:commonName (OID 2.5.4.3)
> Required/Optional: Required
> Contents: This field MUST be present and the contents MUST be an identifier 

--> change the second MUST to a SHOULD. (Which means this should be
normal practice, but you can do something different if you have a good
reason and know what you are doing.) Later, this may be replaced (in
another ballot) with a MUST plus a set of known sensible use case
exceptions.

> for the certificate such that the certificate's Name is unique across all 
> certificates issued by the issuing certificate.

Gerv




More information about the Public mailing list