[cabf_validation] Enterprise RA
tim.hollebeek at digicert.com
Fri Jul 29 18:09:53 UTC 2022
We support this one too.
From: Validation <validation-bounces at cabforum.org> On Behalf Of Bruce Morton via Validation
Sent: Friday, July 29, 2022 1:25 PM
To: CABforum3 <validation at cabforum.org>
Subject: [cabf_validation] Enterprise RA
Enterprise RA and Enterprise EV RA
* BR Enterprise RA definition - An employee or agent of an organization unaffiliated with the CA who authorizes issuance of Certificates to that organization.
* EVG Enterprise EV RA definition - An RA that is authorized by the CA to authorize the CA to issue EV Certificates at third and higher domain levels.
* Although EVG has added "EV" to the definition, the EVGs never reference "Enterprise EV RA", but only " Enterprise RA". Also, the CA must perform validation for EV and non-EV TLS certificates before issuance. The function of the Enterprise RA is to be able to allow certificates to be issued, based on the on the reuse of this data. I think "third or higher domain levels" actually restricts reuse for EV, but is not restricted for non-EV certificates.
My proposal is a follows:
EVG 4, delete, "Enterprise EV RA: An RA that is authorized by the CA to authorize the CA to issue EV Certificates at third and higher domain levels."
Note since EVG 4 states, "Capitalized Terms are defined in the Baseline Requirements except where provided below", Enterprise RA definition will be used from the Baseline Requirements.
Any email and files/attachments transmitted with it are confidential and are intended solely for the use of the individual or entity to whom they are addressed. If this message has been sent to you in error, you must not copy, distribute or disclose of the information it contains. Please notify Entrust immediately and delete the message from your system.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Validation