[cabfpub] Applicability of BRs to Client Authentication certificates

Tim Hollebeek tim.hollebeek at digicert.com
Thu Apr 12 11:15:02 MST 2018


It’s a good time to do it, too, since after governance reform, we want to be able to quickly know which certificates are in scope for which working groups.

 

We discussed this at a few F2Fs.

 

-Tim

 

From: Ryan Sleevi [mailto:sleevi at google.com] 
Sent: Thursday, April 12, 2018 1:54 PM
To: Jeff Ward <jward at bdo.com>
Cc: Tim Hollebeek <tim.hollebeek at digicert.com>; CA/Browser Forum Public Discussion List <public at cabforum.org>
Subject: Re: [cabfpub] Applicability of BRs to Client Authentication certificates

 

 

 

On Thu, Apr 12, 2018 at 1:45 PM, Jeff Ward <jward at bdo.com <mailto:jward at bdo.com> > wrote:

If 7.1.2.3.f is ignored, it is less confusing, but there is still potential ambiguity as to what ‘authenticating a server accessible through the Internet’ means. It would be best if the BRs clearly specified the technical characteristics of identifying a certificate that is ‘in-scope’.

 

In that regard, I think we're in violent agreement. Root Programs have undertaken this to some extent, but it would be good to revisit clarification, hopefully now that more CAs are aware of the problems posed. 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cabforum.org/pipermail/public/attachments/20180412/53cf3cb7/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4940 bytes
Desc: not available
URL: <http://cabforum.org/pipermail/public/attachments/20180412/53cf3cb7/attachment.p7s>


More information about the Public mailing list