[cabf_validation] Revision to OU requirements

Jeremy Rowley jeremy.rowley at digicert.com
Wed Sep 2 13:14:07 MST 2020


We’ve been working to shut off OU completely to see if there are issues with doing so.  So far, we’ve found one automation tool that requires OU:  https://kb.vmware.com/s/article/2044696



From: Validation <validation-bounces at cabforum.org> On Behalf Of Ryan Sleevi via Validation
Sent: Monday, August 31, 2020 8:33 AM
To: Richard Smith <rich at sectigo.com>
Cc: CABforum3 <validation at cabforum.org>
Subject: Re: [cabf_validation] Revision to OU requirements



On Mon, Aug 31, 2020 at 8:30 AM Richard Smith <rich at sectigo.com> wrote:
Ryan,
We’re not completely against the idea of removing OU altogether, however there are a couple of use cases that I think are both legit and verifiable/auditable, though there may be better ways than keeping OU alive to accommodate them.  I’m still looking into the particulars and will post more detail shortly.

Can you share which ones are relevant to the use of TLS in browsers? I'm not aware of any browsers that use this field, and thus can think of plenty of harm that would be caused by continuing the (mis)use of this field.