[Servercert-wg] [Ext] Re: Subject name requirements for CA Certificates

Paul Hoffman paul.hoffman at icann.org
Wed Oct 9 10:20:40 MST 2019


> When it comes to disagreements about the expectations, however, I hope we're in agreement that CAs are expected to meet and abide by Root Program Requirements first and foremost, and that those are the core expectation. The Baseline Requirements do not replace nor override Root Program expectations, and in matters of disagreement, it is ultimately at the discretion of the Root Program to clarify. I hope we're in clear agreement there, because if not, that's a more fundamental issue. 

You are using "Root Program" as a term of art, but I don't know where it is defined. Certainly searching Google for "root program" gets me a bunch of stuff you don't mean. In your mind, is "Root Program" defined somewhere? The closest I see is at <https://www.chromium.org/Home/chromium-security/root-ca-policy>, but that does not define much (particularly the last line on that page...).

I ask all this because I vaguely remember that there was some web site that was (IIRC) supported by all the expected browsers that defined this, but I either didn't bookmark it or it has a name that is quite different than "Root Program".

