[cabfpub] Applicability of BRs to Client Authentication certificates

Tim Hollebeek tim.hollebeek at digicert.com
Thu Apr 12 18:15:02 UTC 2018

It’s a good time to do it, too, since after governance reform, we want to be able to quickly know which certificates are in scope for which working groups.


We discussed this at a few F2Fs.




From: Ryan Sleevi [mailto:sleevi at google.com] 
Sent: Thursday, April 12, 2018 1:54 PM
To: Jeff Ward <jward at bdo.com>
Cc: Tim Hollebeek <tim.hollebeek at digicert.com>; CA/Browser Forum Public Discussion List <public at cabforum.org>
Subject: Re: [cabfpub] Applicability of BRs to Client Authentication certificates




On Thu, Apr 12, 2018 at 1:45 PM, Jeff Ward <jward at bdo.com <mailto:jward at bdo.com> > wrote:

If is ignored, it is less confusing, but there is still potential ambiguity as to what ‘authenticating a server accessible through the Internet’ means. It would be best if the BRs clearly specified the technical characteristics of identifying a certificate that is ‘in-scope’.


In that regard, I think we're in violent agreement. Root Programs have undertaken this to some extent, but it would be good to revisit clarification, hopefully now that more CAs are aware of the problems posed. 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/public/attachments/20180412/53cf3cb7/attachment-0003.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4940 bytes
Desc: not available
URL: <http://lists.cabforum.org/pipermail/public/attachments/20180412/53cf3cb7/attachment-0003.p7s>

More information about the Public mailing list