[cabf_validation] Revision to OU requirements
Ryan Sleevi
sleevi at google.com
Wed Sep 2 13:22:50 MST 2020
On Wed, Sep 2, 2020 at 4:14 PM Jeremy Rowley <jeremy.rowley at digicert.com>
wrote:
> We’ve been working to shut off OU completely to see if there are issues
> with doing so. So far, we’ve found one automation tool that requires OU:
> https://kb.vmware.com/s/article/2044696
>
Thanks Jeremy! I saw DigiCert was taking a good step here, in
https://knowledge.digicert.com/alerts/ou-removal.html , and think that's a
model for all CAs (by virtue of the BRs)
I'm hoping you can share more details about the issue there. Are you saying
the system doesn't load a publicly-trusted certificate if it's missing the
OU field, or merely that their tool produces CSRs with the OU field
populated, as part of ensuring a globally unique DN?
Much like past work on working out interoperable, standards-based
approaches to IP addresses (
https://cabforum.org/guidance-ip-addresses-certificates/ ), it'd be great
to understand the problem more to see what options we have.
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/validation/attachments/20200902/3a868baa/attachment.html>
More information about the Validation
mailing list