[cabfpub] SAN private extensions pursuant specific SSL/EV Spanish ruled profile

Dean Coclin Dean_Coclin at symantec.com
Wed Jul 6 20:55:37 UTC 2016 

I recall  there being some discussion on another list about this (perhaps Mozilla) and maybe others that follow that could comment.

 

If you want to bring this up on the CABF call, please let me know. Unfortunately this week’s agenda is full but we could schedule it for 2 weeks from now.


Thanks
Dean

 

From: public-bounces at cabforum.org [mailto:public-bounces at cabforum.org] On Behalf Of Chema Lopez
Sent: Wednesday, June 29, 2016 1:34 PM
To: public at cabforum.org
Subject: [cabfpub] SAN private extensions pursuant specific SSL/EV Spanish ruled profile

 

Dear all.

 

There was a law in Spain that regulates the profile for some specific certificates, i.e.:

1.	Civil Servant or Public Employee (natural person certificate)
2.	Electronic Seal for Automated Administrative Action
3.	Electronic Office Certificate (SSL or EV for Public Administrations)

You can find the profiles attached (unfortunately only in Spanish).

 

The problem is that these profiles required private extensions in the SAN, and this conflicts BR and EV Guidelines. At least, crt.sh shows this extensions as an error. See the private extensions below.



 

This law has been repealed recently and the new one does not require this extensions but, how do we, Spanish TSP, handle the SSL and EV certificates issued following the previous law? In my opinion, an exception needs to be added.

 

Thanks in advance for your comments.

 

Best regards,

	
Chema López González
Director Área de Innovación, Cumplimiento y Tecnología
AC Firmaprofesional S.A.

	

Av. Torre Blanca, 57. 
Edificio ESADECREAPOLIS - 1B13

08173 Sant Cugat del Vallès. Barcelona.

Tel: 93.477.42.45 / 666.429.224

 

El contenido de este mensaje y de sus anexos es confidencial. Si no es el destinatario, le hacemos saber que está prohibido utilizarlo, divulgarlo y/o copiarlo sin tener la autorización correspondiente. Si ha recibido este mensaje por error, le agradeceríamos que lo haga saber inmediatamente al remitente y que proceda a destruir el mensaje.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/public/attachments/20160706/482f1f01/attachment-0002.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.png
Type: image/png
Size: 45711 bytes
Desc: not available
URL: <http://lists.cabforum.org/pipermail/public/attachments/20160706/482f1f01/attachment-0002.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 5723 bytes
Desc: not available
URL: <http://lists.cabforum.org/pipermail/public/attachments/20160706/482f1f01/attachment.p7s>

More information about the Public mailing list