[cabf_validation] Revision to OU requirements
Kurt Roeckx
kurt at roeckx.be
Mon Sep 21 13:47:13 MST 2020
On Mon, Sep 21, 2020 at 02:01:20PM -0400, Ryan Sleevi via Validation wrote:
> Can you clarify: Was this at the request of BCSS (the "server", in their
> parlance) or in the use of TLS certificates as client-auth certificates?
>
> This appears to be detailing a very specific mutual-TLS authentication
> flow, and it's unclear whether or not a browser-used CA is essential for
> this.
Reading the document, it says that the KSZ/BCSS/CBSS has 3
certificates (TLS server, TLS client, TLS client to sign documents),
and depending on the communications, one of the 3 is used. Clients
wishing to authenticate them should get the certificates. Clients
should also send their own certificate to KSZ/BCSS/CBSS.
Kurt
More information about the Validation
mailing list