[cabfpub] Preballot - Revised Ballot 190

Jeremy Rowley jeremy.rowley at digicert.com
Sat May 20 01:47:52 UTC 2017

“The certificate request MAY include all factual information about the Applicant to be included in the Certificate, and such additional information as is necessary for the CA to obtain from the Applicant in order to comply with these Requirements and the CA’s Certificate Policy and/or Certification Practice Statement.”

*	This indicates a certificate request may include partial information. 


“ In cases where the certificate request does not contain all the necessary information about the Applicant, the CA SHALL obtain the remaining information from the Applicant or, having obtained it from a reliable, independent, third‐party data source, confirm it with the Applicant. The CA SHALL establish and follow a documented procedure for verifying all data requested for inclusion in the Certificate by the Applicant. Applicant information MUST include, but not be limited to, at least one Fully‐Qualified Domain Name or IP address to be included in the Certificate’s SubjectAltName extension.”

*	The CA can get additional information as necessary to support the issuance. The only information required is at least one FQDN. Provided one FQDN is provided, the rest of the information can be obtained by the CA after the initial request. Information obtained after the request may include the date to issue the certificate and additional FQDNs.



From: Public [mailto:public-bounces at cabforum.org] On Behalf Of Ryan Sleevi via Public
Sent: Friday, May 19, 2017 6:48 PM
To: Jeremy Rowley <jeremy.rowley at digicert.com>
Cc: Ryan Sleevi <sleevi at google.com>; CA/Browser Forum Public Discussion List <public at cabforum.org>
Subject: Re: [cabfpub] Preballot - Revised Ballot 190




On Fri, May 19, 2017 at 8:45 PM, Jeremy Rowley <jeremy.rowley at digicert.com <mailto:jeremy.rowley at digicert.com> > wrote:

A slightly different third interpretation:

- Obtaining a partial request (under 4.2.1, the certificate request does not contain all necessary information…)


How is the notion of "partial request" supported, in light of 4.1.2?


If we support the notion of "partial request", then what is the absolute minimum amount of information to distinguish that from "no request"?


I don't disagree we can come up with lots of words for those things, but I don't see how they're supported :)

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/public/attachments/20170520/ae2f714d/attachment-0003.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4964 bytes
Desc: not available
URL: <http://lists.cabforum.org/pipermail/public/attachments/20170520/ae2f714d/attachment-0001.p7s>

More information about the Public mailing list