[cabfpub] Ballot 199 - Require commonName in Root and Intermediate Certificates

Gervase Markham gerv at mozilla.org
Fri May 5 13:22:42 UTC 2017

On 04/05/17 16:20, Ben Wilson wrote:
> 1 - Does this ballot rule out “vanity CAs” – CAs with customer names in
> the subject field, even though the key is held by the root CA?  (I can
> provide further clarification, and/or examples, if necessary.

I don't think so. It doesn't mandate the contents of the CN field other
than a SHOULD-based uniqueness constraint.

> 2-  What is the full current wording of Ballot 199?

It is as posted on 25th April, but with a MUST changed to a SHOULD. I
will send out a full copy.


More information about the Public mailing list