[Servercert-wg] Examples of infrastructure certificates signed by Root CAs

Ryan Sleevi sleevi at google.com
Tue Mar 16 18:58:54 UTC 2021

Section 6.1.7 of the BRs contains the following language in terms of
restricting what a Root CA Certificate can issue:

"Certificates for infrastructure purposes (administrative role
certificates, internal CA
operational device certificates); and"

I was wondering if any CAs that are currently using/relying on this
provision can share (either on-list or feel free to reply
off-list/directly) examples of the certificate. Additionally, if you're
using COTS software for CA management, any documentation you could
reference or point to in how these certificates are used.

I'd like to propose some changes to this language, but I want to make sure
I understand this use case in particular. I'm hoping no one is confused in
thinking this applies to, say, TSA certificates, but if you have
interpreted it that way, that's also useful and valuable!

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/servercert-wg/attachments/20210316/b85b9387/attachment-0001.html>

More information about the Servercert-wg mailing list