[Servercert-wg] Subject name requirements for CA Certificates
Curt Spann
cspann at apple.com
Thu Oct 24 08:51:10 MST 2019
We (Apple) approach the BRs as Default-Deny in which it only specifies what is allowed. The Default-Deny approach makes it less ambiguous to determine the requirement for operating a publicly trusted CA.
I encourage CAs to review their practices against the BRs using Default-Deny. If CAs would like to add additional statements to the BRs to align with their practices the CAs should create ballots to update the BRs.
- Curt
More information about the Servercert-wg
mailing list