[cabfpub] Application for SHA-1 Issuance
Dean Coclin
Dean_Coclin at symantec.com
Tue Jul 19 20:56:55 UTC 2016
Please see responses below, posted on behalf of TSYS.

From: public-bounces at cabforum.org On Behalf Of Andrew R. Whalley

The response I received from TSYS regarding the OU value is as follows:

"The value at the end of the OU, is an independent cryptographically created
identity value used by TSYS Support for the sole purpose of identifying the
site where the services terminate."

It would be useful to get more information on this point. For example:

* Is this required for correct operation of the systems using the
certificates?

It is not critical for SSL/TLS operations, however is used to distinguish
different certificates on different ports at the same site for the same
domain. It provides the Support Teams (non-technical teams) with a guaranteed
unique value to confirm the client is attempting to access the correct
service.

* Is the cryptographic operation something simple we could verify such as the
hash of the site name that could be provided?

The value is not a hash, it is a site identifying value that is randomly
generated using Agile Bits 1Password 6.4.3 Password Algorithms. It is
intended to remain sticky to the site/host going forward and will be used on
all subsequent certificate replacements of the same Certificate Type.

* Are any earlier existing certs that have the same style of OU value
available for inspection?

In the payment space, no, the additional element was added due to the
challenges teams had confirming a host and by certificate name when multiple
Virtual IPs/Ports exist for the same domain name.