[Servercert-wg] [cabfpub] Using OV TLS server certificate as TLS client certificates only

Dimitris Zacharopoulos (HARICA) dzacharo at harica.gr
Wed May 5 12:23:31 UTC 2021



On 30/4/2021 6:46 PM, Ryan Sleevi wrote:
>
>     I think the design contains several components that need to be
>     analyzed independently to see where the Publicly Trusted
>     Certificates apply, for which components and for which functions.
>
>
> I'm not sure what you're referring to here? The proposal only covers 
> it in two scenarios (a server certificate and a client certificate). 
> Were you seeing other scenarios?

I'm sure you read the proposal and the various components. I just wanted 
to see how different certificates are used in the design and in various 
components. The design includes:

  * Country Signing Certificate Authorities
  * Gateways
  * Trust Anchor certificates
  * NB CSCA certificates
  * TLS server certificates for DGCG
  * NB TLS client certificates

IMHO we should first try to understand how this design is supposed to 
work in order to propose changes. From a first look, it looks like a 
closed system and PTCs are not justified. However, we might be missing 
something like how the DGCs could be verified by anyone through the 
public Internet.


