[cabfpub] Ballot 184: rfc822Names and otherNames

Gervase Markham gerv at mozilla.org
Fri Jan 6 10:16:51 UTC 2017

On 06/01/17 00:35, Ryan Sleevi via Public wrote:
> Alternatively, the HS2.0 profile might be updated to distinguish the
> user-facing OSU interaction from the "app" or "server-to-server" facing
> OSU interaction (which is the whole reason for the custom PKI to begin
> with), such that any browser-based interaction with the OSU is left to
> "the Web PKI", while any app-to-server-based OSU interaction is handled
> by the OSU PKI. 

Jeremy: this seems like the obvious solution; why is this problematic?

Although unlike Ryan, I am not fully informed about the exact technical
details here, like Ryan I am concerned about the idea of permitting
certificates which will have "two masters", because the fewer couplings
the Web PKI has with other sets of requirements, the less likely it is
we'll have problems down the road when we want to move and they object
that we've broken something important.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: OpenPGP digital signature
URL: <http://lists.cabforum.org/pipermail/public/attachments/20170106/0969b671/attachment-0001.sig>

More information about the Public mailing list