[Smcwg-public] Bridge CA

Clint Wilson clintw at apple.com
Thu Aug 4 17:43:46 UTC 2022


Would it make sense to adopt the use of Cross-Certified Subordinate CA Certificates as described in the “Profiles” ballot under discussion in the SCWG, instead of Cross Certificates, to avoid some of the confusion we’ve seen with the latter term? 
Separately, the definition is, most likely, worth improving both generally and so its use in a definition of Bridge CA is more clear.

For reference (from https://github.com/cabforum/servercert/pull/373/files#diff-e0ac1bd190515a4f2ec09139d395ef6a8c7e9e5b612957c1f5a2dea80c6a6cfeR296 <https://github.com/cabforum/servercert/pull/373/files#diff-e0ac1bd190515a4f2ec09139d395ef6a8c7e9e5b612957c1f5a2dea80c6a6cfeR296>):

**Cross-Certified Subordinate CA Certificate**: A certificate that is used to establish a trust relationship between two Root CAs.

> On Aug 3, 2022, at 9:39 AM, Stephen Davidson via Smcwg-public <smcwg-public at cabforum.org> wrote:
> 
> Hello:
>  
> Following our discussion, I have merged the PR relating to Bridge CAshttps://github.com/cabforum/smime/commit/50093055e1a2db9822cc68f90f503b48210f576a <https://github.com/cabforum/smime/commit/50093055e1a2db9822cc68f90f503b48210f576a>
>  
> As discussed we will want to add a definition for a Bridge CA.  I propose the following:
>  
> Bridge CA – A CA that facilitates interoperability between different enterprises or communities that operate their own PKIs, by issuing Cross Certificates to participating CAs.
>  
> Feedback welcomed.
>  
> Regards, Stephen
>  
> _______________________________________________
> Smcwg-public mailing list
> Smcwg-public at cabforum.org <mailto:Smcwg-public at cabforum.org>
> https://lists.cabforum.org/mailman/listinfo/smcwg-public <https://lists.cabforum.org/mailman/listinfo/smcwg-public>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/smcwg-public/attachments/20220804/d35c9dc6/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3621 bytes
Desc: not available
URL: <http://lists.cabforum.org/pipermail/smcwg-public/attachments/20220804/d35c9dc6/attachment.p7s>


More information about the Smcwg-public mailing list