[cabfpub] [EXT] Re: Ballot 199 - Require commonName in Root and Intermediate Certificates

Gervase Markham gerv at mozilla.org
Fri May 5 13:22:34 UTC 2017

On 04/05/17 20:27, Steve Medin via Public wrote:
> Gerv, could we also request explicit forward-looking language? Kirk
> raised the concern about whether this applies to existing roots and
> intermediates. We have a root issued in 1997 that does not have a common
> name. Some interpretations have been discussed, but we would strongly
> prefer that this be written into this change for clear future
> interpretations.

It is a standard principle of the BRs and of edits to them that those
edits don't go back and make you apply e.g. current issuance criteria to
all existing certificates unless they explicitly say they do. If you are
not using this intepretive principle already, then you must have changed
your entire certificate corpus over many times since we started having BRs!


More information about the Public mailing list