[cabfpub] Ballot 108: Clarifying the scope of the baseline requirements

Jeremy Rowley jeremy.rowley at digicert.com
Fri Jul 26 19:22:51 UTC 2013


Hi everyone,

As mentioned on the phone call last week, CAs have claimed exemption from
the BRs because the definition of a publicly-trusted SSL certificate is not
clear. I would like to clarify the scope of the BRs to avoid confusion on
what particular certificate contents are necessary to require compliance. I
am looking for one endorser (Stephen Davidson has already endorsed).

The third paragraph of Section 1 of the baseline requirements is:

"This version of the Requirements only addresses Certificates intended to be
used for authenticating servers accessible through the Internet. Similar
requirements for code signing, S/MIME, time-stamping, VoIP, IM, Web
services, etc. may be covered in future versions."

I'd like to replace the above text with the following:

"This version of the Baseline Requirements addresses all root, intermediate,
and end entity certificates that can be used in publicly-trusted SSL
handshakes.  All root and intermediate certificates included in a browser's
trust store and all end entity certificates containing an extended key usage
extension of Server Authentication (1.3.6.1.5.5.7.3.1) are expressly covered
by these requirements. Similar requirements for code signing, S/MIME,
time-stamping, VoIP, IM, Web services, etc. may be covered in future
versions."

I look forward to your comments.

Jeremy
