[cabf_validation] "Applicant" and "Applicant Representative" next steps
Corey Bonnell
Corey.Bonnell at digicert.com
Mon Feb 6 22:08:31 UTC 2023
Hello,
As previously mentioned on the last Validation call, here's my running list
of notable items that we found during our read of the BRs. I classified the
items in three buckets: "things to keep in mind", "to discuss further", and
"to do". "To discuss further" are items that likely require more discussion
prior to proposing concrete changes, while "to do" items are those that are
relatively straightforward.
Please let me know if I missed any items that were brought up but not listed
below.
To keep in mind:
1. Try to maintain current language/meaning of Subscriber Agreement/Terms of
Use to avoid messy legal changes
To discuss further:
1. Do we need a term to encompass the concept of a current Subscriber that
has submitted a Certificate Request for a new Certificate?
2. Ben's language for section 1.3.3:
https://lists.cabforum.org/pipermail/validation/2022-November/001826.html
a. Does this resolve concerns around CAs issuing Test Website certificates,
etc.?
3. More closely examine references to "hosting providers" in section 9.6.3
and other locations
a. This ties very closely into the extensive discussion in November on
"Cloud Providers" issuing certificates from CAs that are controlled by the
"Cloud Provider":
https://lists.cabforum.org/pipermail/validation/2022-November/001827.html
4. What exactly is a "certificate request"? Sections 4.1 and 4.2 need help,
as it's not clear what exactly a "certificate request" is or what exactly a
"certificate request" is comprised of
(https://github.com/cabforum/servercert/issues/400)
5. What do the Terms of Use accomplish when the Subscriber is the CA?
To do:
1. Revive ballot to distinguish Secret vs. Freshness Random Values
2. Make clear that CAs must maintain validation records for their own
Certificates
3. Use same construction of the initial sentence in 3.2.3 as in 3.2.5 to
avoid requiring identity verification for DV certificates requested by
natural persons
4. Move final sentence of 3.2.3 to 3.2.5, perhaps making a new sub-section
to clarify intent
5. Replace "Applicant" with "Subscriber" in section 4.9 ("e.g. a court or
arbitrator has revoked a Domain Name Registrant's right to use the Domain
Name, a relevant licensing or services agreement between the Domain Name
Registrant and the Applicant has terminated, or the Domain Name Registrant
has failed to renew the Domain Name")
6. 9.6.3 replace "Subscriber" with "Applicant/Subscriber"
a. or split 9.6.3 into two sub-sections: one for initial certificate
request, and another section for subsequent requests
7. Clean up 9.6.3 (4) for removal of "install"
Thanks,
Corey
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/validation/attachments/20230206/b8b0dad8/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4990 bytes
Desc: not available
URL: <http://lists.cabforum.org/pipermail/validation/attachments/20230206/b8b0dad8/attachment.p7s>
More information about the Validation
mailing list