[Smcwg-public] Bridge CA

Stephen Davidson Stephen.Davidson at digicert.com
Wed Aug 3 22:09:49 UTC 2022


Hi Wendy – thank you for the suggestion.

 

I’d like to stick with the original simpler text because the SBR doesn’t address “how a Bridge CA operates” apart from adopting some CABF-wide standards covering Cross Certificate profiles.

 

Bridge CAs fall outside of mandatory adoption of the SBR unless the Bridge CA itself is Publicly-Trusted.  If a CA that is crossed with the Bridge CA is itself Publicly-Trusted then it must adopt but it does not drag other nonPublicly-Trusted CAs in the Bridge ecosystem into scope.

 

Best, Stephen

 

 

From: Wendy Brown - QT3LB-C <wendy.brown at gsa.gov> 
Sent: Wednesday, August 3, 2022 3:00 PM
To: Stephen Davidson <Stephen.Davidson at digicert.com>; SMIME Certificate Working Group <smcwg-public at cabforum.org>
Subject: Re: [Smcwg-public] Bridge CA

 

Stephen - suggested rewording of the Bridge CA definition

 

Bridge CA – A CA that facilitates interoperability between different enterprises or communities that operate their own PKIs, by issuing and receiving Cross Certificates which map the peer PKI certificate policies to the certificate policies of the Bridge CP.

 




Wendy

 

Wendy Brown

Supporting GSA

FPKIMA Technical Liaison

Protiviti Government Services

703-965-2990 (cell)

 

 

On Wed, Aug 3, 2022 at 12:39 PM Stephen Davidson via Smcwg-public <smcwg-public at cabforum.org <mailto:smcwg-public at cabforum.org> > wrote:

Hello:

 

Following our discussion, I have merged the PR relating to Bridge CAs https://github.com/cabforum/smime/commit/50093055e1a2db9822cc68f90f503b48210f576a

 

As discussed we will want to add a definition for a Bridge CA.  I propose the following:

 

Bridge CA – A CA that facilitates interoperability between different enterprises or communities that operate their own PKIs, by issuing Cross Certificates to participating CAs. 

 

Feedback welcomed.

 

Regards, Stephen

 

_______________________________________________
Smcwg-public mailing list
Smcwg-public at cabforum.org <mailto:Smcwg-public at cabforum.org> 
https://lists.cabforum.org/mailman/listinfo/smcwg-public

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/smcwg-public/attachments/20220803/96578bc0/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4999 bytes
Desc: not available
URL: <http://lists.cabforum.org/pipermail/smcwg-public/attachments/20220803/96578bc0/attachment-0001.p7s>


More information about the Smcwg-public mailing list