[cabfpub] Alternative path forward for Names
Peter Bowen
pzb at amzn.com
Mon Mar 6 03:20:25 UTC 2017
I received emails off list from a couple of members who think that qualified audits are not the right way to go. Given that, and Kirk’s point that it would be very tricky to call out all the exceptions country by country, there is an alternative.
We can move BR sections 3.2.2 (the intro paragraph), 3.2.2.1, 3.2.2.2, 3.2.2.3, 3.2.3, 3.2.5, 7.1.4.2.2 (b) - (i), and the portions of 7.1.6.1 that discuss policy identifiers 2.23.140.1.2.2 and 2.23.140.1.2.3 to a new document or to an appendix. We determine that the rules from those sections only apply when the certificate includes one of the two listed policy identifiers.
This would allow CAs with other naming policies to be BR compliant as long as they don’t assert 2.23.140.1.2.2 or 2.23.140.1.2.3 in their certificates.
Thanks,
Peter
More information about the Public
mailing list