[cabfpub] Ballot 188 - Clarify use of term "CA" in Baseline Requirements

Dimitris Zacharopoulos jimmy at it.auth.gr
Wed Mar 1 01:43:23 MST 2017


On 1/3/2017 10:22 πμ, Ryan Sleevi wrote:
>
>
> On Tue, Feb 28, 2017 at 11:36 PM, Dimitris Zacharopoulos via Public 
> <public at cabforum.org <mailto:public at cabforum.org>> wrote:
>
>     Perhaps changing the "Root CA Certificate" as "A CA Certificate in
>     which the Public Key has been digitally signed by its
>     corresponding Private Key with the intention to be distributed by
>     Application Software Suppliers as a trust anchor". Would that work?
>
>
> I think this would be a step in the wrong direction. As we know from 
> the discussions about the scope of the BRs, "intent" is something that 
> is hard to audit and hard to document. We should avoid such 
> definitions, and focus on clear technical definitions.

I agree with the general concept but this is a special case because when 
you perform a Root Key Ceremony, the CA Certificate is not part of any 
Trust store. Any language that would make this better is welcome.

Dimitris.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cabforum.org/pipermail/public/attachments/20170301/c267c9f7/attachment.html>


More information about the Public mailing list