[cabfpub] Which CAs must be audited
Jeremy Rowley
jeremy.rowley at digicert.com
Sun Apr 30 16:27:13 UTC 2017
Lol at the IPv4 and IPv6 part.
From: Public [mailto:public-bounces at cabforum.org] On Behalf Of Peter Bowen via Public
Sent: Sunday, April 30, 2017 8:53 AM
To: CA/Browser Forum Public Discussion List <public at cabforum.org>
Cc: Peter Bowen <pzb at amzn.com>
Subject: [cabfpub] Which CAs must be audited
Over on the mozilla.dev.security.policy list, there was some confusion about which subordinate CAs need to have audits.
I’ve put together two flow charts to help document what I think has been said on that list. I tried to merge info from both the Mozilla and Microsoft policies, so I might be a little off.
The one place where this does differ from current Mozilla policy is that it has disclosure of technically constrained CA certificates themselves. This is proposed for Mozilla but not yet required.
Anyone see errors?
Thanks,
Peter
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/public/attachments/20170430/88574dcc/attachment-0003.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.png
Type: image/png
Size: 332052 bytes
Desc: not available
URL: <http://lists.cabforum.org/pipermail/public/attachments/20170430/88574dcc/attachment-0003.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image002.jpg
Type: image/jpeg
Size: 146513 bytes
Desc: not available
URL: <http://lists.cabforum.org/pipermail/public/attachments/20170430/88574dcc/attachment-0003.jpg>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4964 bytes
Desc: not available
URL: <http://lists.cabforum.org/pipermail/public/attachments/20170430/88574dcc/attachment-0001.p7s>
More information about the Public
mailing list