[Servercert-wg] Subscriber key pair generation by the CA
Adriano Santoni
adriano.santoni at staff.aruba.it
Wed May 27 06:36:53 MST 2020
All,
tt seems to me there's an inconsistency between §5.2 of Mozilla Root
Policy, which very clearly prohibits CAs from generating Subscribers'
key pairs for SSL Server certs, and §6.1.2 of the BR which seemingly
allows that. It would seem logical, and should not harm any CAs, if it
was clarified in the BR that subscriber key pair generation by the CA is
not allowed, in line with the requirement set forth in Mozilla Root Policy.
What do the people here think?
Adriano
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cabforum.org/pipermail/servercert-wg/attachments/20200527/8adc8dcd/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4105 bytes
Desc: Firma crittografica S/MIME
URL: <http://cabforum.org/pipermail/servercert-wg/attachments/20200527/8adc8dcd/attachment.p7s>
More information about the Servercert-wg
mailing list