[Servercert-wg] [cabfpub] Using OV TLS server certificate as TLS client certificates only
Dimitris Zacharopoulos (HARICA)
dzacharo at harica.gr
Wed May 5 12:23:31 UTC 2021
On 30/4/2021 6:46 μ.μ., Ryan Sleevi wrote:
>
> I think the design contains several components that need to be
> analyzed independently to see where the Publicly Trusted
> Certificates apply, for which components and for which functions.
>
>
> I'm not sure what you're referring to here? The proposal only covers
> it in two scenarios (a server certificate and a client certificate).
> Were you seeing other scenarios?
I'm sure you read the proposal and the various components. I just wanted
to see how different certificates are used in the design and in various
components. The design includes:
* Country Signing Certificate Authorities
* Gateways
* Trust Anchor certificates
* NB CSCA certificates
* TLS server certificates for DGCG
* NB TLS client certificates
IMHO we should first try to understand how this design is supposed to
work in order to propose changes. From a first look, it looks like a
closed system and PTCs are not justified. However, we might be missing
something like how the DGCs could be verified by anyone through the
public Internet.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/servercert-wg/attachments/20210505/05fdd7f7/attachment.html>
More information about the Servercert-wg
mailing list