[cabfpub] Ballot 199 - Require commonName in Root and Intermediate Certificates

Gervase Markham gerv at mozilla.org
Thu Apr 27 16:28:43 UTC 2017

Following discussion on the call today, there is a minor edit to this

On 25/04/17 16:03, Gervase Markham wrote:
> Subject Distinguished Name Fields
> Certificate Field: subject:commonName (OID
> Required/Optional: Required
> Contents: This field MUST be present and the contents MUST be an identifier 

--> change the second MUST to a SHOULD. (Which means this should be
normal practice, but you can do something different if you have a good
reason and know what you are doing.) Later, this may be replaced (in
another ballot) with a MUST plus a set of known sensible use case

> for the certificate such that the certificate's Name is unique across all 
> certificates issued by the issuing certificate.


More information about the Public mailing list