[Servercert-wg] Examples of infrastructure certificates signed by Root CAs

Ryan Sleevi sleevi at google.com
Thu Mar 18 15:32:11 UTC 2021


On Tue, Mar 16, 2021 at 2:58 PM Ryan Sleevi <sleevi at google.com> wrote:

> Section 6.1.7 of the BRs contains the following language in terms of
> restricting what a Root CA Certificate can issue:
>
> "Certificates for infrastructure purposes (administrative role
> certificates, internal CA
> operational device certificates); and"
>
> I was wondering if any CAs that are currently using/relying on this
> provision can share (either on-list or feel free to reply
> off-list/directly) examples of the certificate. Additionally, if you're
> using COTS software for CA management, any documentation you could
> reference or point to in how these certificates are used.
>
> I'd like to propose some changes to this language, but I want to make sure
> I understand this use case in particular. I'm hoping no one is confused in
> thinking this applies to, say, TSA certificates, but if you have
> interpreted it that way, that's also useful and valuable!
>
> Thanks!
>

Just poking this since we had some mail delivery issues, and wanted to make
sure everyone saw this question :)
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/servercert-wg/attachments/20210318/f643c720/attachment.html>


More information about the Servercert-wg mailing list