[cabfpub] Ballot 199 - Require commonName in Root and Intermediate Certificates

Mads Egil Henriksveen Mads.Henriksveen at buypass.no
Mon May 8 07:30:24 MST 2017


Hi Gerv

I am aware of this change, but it is still required that we should do this. 

Mads

-----Original Message-----
From: Gervase Markham [mailto:gerv at mozilla.org] 
Sent: 8. mai 2017 13:11
To: Mads Egil Henriksveen; CA/Browser Forum Public Discussion List
Subject: Re: [cabfpub] Ballot 199 - Require commonName in Root and Intermediate Certificates

On 08/05/17 10:37, Mads Egil Henriksveen wrote:
> I support that CN is required in all certificates, but I don’t support 
> that we should require a unique CN across all CA certificates issued 
> by the issuing CA.

We don't. That MUST was changed to a SHOULD.

> As long as we issue a new certificate for the same CA entity (i.e. 
> with the same CA key and same validity), it is not obvious that we 
> should have to “change the name” of this entity. CN is a part of the 
> Subject field and thus a part of the name of the CA.

See the discussion between Bruce and Ryan. :-)

Gerv


More information about the Public mailing list