[cabfpub] Ballot 108: Clarifying the scope of the baseline requirements
Jeremy Rowley
jeremy.rowley at digicert.com
Fri Jul 26 19:22:51 UTC 2013
Hi everyone,
As mentioned on the phone call last week, CAs have claimed exemption from
the BRs because the definition of a publicly-trusted SSL certificate is not
clear. I would like to clarify the scope of the BRs to avoid confusion on
what particular certificate contents are necessary to require compliance. I
am looking for one endorser (Stephen Davidson has already endorsed).
The third paragraph of Section 1 of the baseline requirements is:
"This version of the Requirements only addresses Certificates intended to be
used for authenticating servers accessible through the Internet. Similar
requirements for code signing, S/MIME, time-stamping, VoIP, IM, Web
services, etc. may be covered in future versions."
I'd like to replace the above text with the following:
"This version of the Baseline Requirements addresses all root, intermediate,
and end entity certificates that can be used in publicly-trusted SSL
handshakes. All root and intermediate certificates included in a browser's
trust store and all end entity certificates containing an extended key usage
extension of Server Authentication (1.3.6.1.5.5.7.3.1) are expressly covered
by these requirements. Similar requirements for code signing, S/MIME,
time-stamping, VoIP, IM, Web services, etc. may be covered in future
versions."
I look forward to your comments.
Jeremy