[cabf_validation] Revision to OU requirements

Kurt Roeckx kurt at roeckx.be
Mon Sep 21 13:47:13 MST 2020


On Mon, Sep 21, 2020 at 02:01:20PM -0400, Ryan Sleevi via Validation wrote:
> Can you clarify: Was this at the request of BCSS (the "server", in their
> parlance) or in the use of TLS certificates as client-auth certificates?
> 
> This appears to be detailing a very specific mutual-TLS authentication
> flow, and it's unclear whether or not a browser-used CA is essential for
> this.

Reading the document, it says that the KSZ/BCSS/CBSS has 3
certificates (TLS server, TLS client, TLS client to sign documents),
and depending on the communications, one of the 3 is used. Clients
wishing to authenticate them should get the certificates. Clients
should also send their own certificate to KSZ/BCSS/CBSS.


Kurt



More information about the Validation mailing list