[cabfpub] Ballot 190

Ryan Sleevi sleevi at google.com
Mon May 1 15:18:18 UTC 2017

Well, I was discussing in the broader context :)

For example, you "could" simply indicate

BRComplianceDetails ::= SEQUENCE {
  validationMethod  INTEGER

As an extension

There are, of course, more efficient ways to structure this data (for
example, expandable enum of INTEGER values for version). I just provided
this as a quick and dirty example of how you could provide this information
within a certificate in a clear and auditable way. It could allow, for
example, auditors to ensure that their random sampling methodology
appropriately covered all validation methods the CA practiced, without
undermining the purpose and value of sampling.

On Mon, May 1, 2017 at 11:13 AM, Jeremy Rowley <jeremy.rowley at digicert.com>

> How does this work if the intermediate doesn't contain the anyPolicy OID?
> -----Original Message-----
> From: Public [mailto:public-bounces at cabforum.org] On Behalf Of Gervase
> Markham via Public
> Sent: Monday, May 1, 2017 9:08 AM
> To: Ryan Sleevi <sleevi at google.com>; CA/Browser Forum Public Discussion
> List
> <public at cabforum.org>
> Cc: Gervase Markham <gerv at mozilla.org>
> Subject: Re: [cabfpub] Ballot 190
> On 01/05/17 16:02, Ryan Sleevi wrote:
> > I did. It allows users to make an informed decision of the
> > trustworthiness of the information presented in the certificate, much
> > like EV policy OIDs and OV policy OIDs reportedly provide a stronger
> > level of assertion.
> Did you anticipate a marker both for the validation method and also for the
> version of the BRs used? Both would be needed to pin it down exactly.
> Gerv
> _______________________________________________
> Public mailing list
> Public at cabforum.org
> https://cabforum.org/mailman/listinfo/public
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/public/attachments/20170501/0da4c5aa/attachment-0003.html>

More information about the Public mailing list