[cabfpub] Clarification of the "CA" term in the BRs

Peter Bowen pzb at amzn.com
Mon Oct 24 17:30:24 UTC 2016


Thank you for working on this.  The lack of clarity with regards to “Root CA” and “Subordinate CA” is one that needs resolving to ensure all have a common understanding of what it expected of them.

I also appreciate the objective to change as little as possible to get this clarity.  As Ryan Sleevi pointed out yesterday, this is a complex issue as a single organization can have multiple CPSes and a single key pair can be used for multiple DNs and there can be multiple CA certificate with the same subject.

I think we may need to reconsider whether the majority of cases can be considered to be the Key Pair + Distinguished Name case and make the organization case the outlier.


> On Oct 19, 2016, at 5:20 AM, Dimitris Zacharopoulos via Public <public at cabforum.org> wrote:
> After working this topic for quite some time in the Policy Review WG, we consider it ready to be discussed on the public list and we encourage members to provide feedback and comments. Here is some information about the attached document:
> It is based on the BRs version 1.3.7. We didn't always update to the latest version because these changes are quite basic and could be implemented on any latest version of the BRs.
> At first (almost 6 months back), it was decided that minimal changes should take place which would make a revision ballot more easily adopted by the forum. Now, with the new process that requires longer time for review/adoption than before (for IPR issues), we decided that we should also provide clarity on the "signing" operations. So, you will see a more technically accurate language that replaces the concept of a Certificate being "signed by a CA Certificate". The language now includes Keys associated with specific Certification Authority Certificates.
> This red-lined document does not attempt to solve all problematic language in the BRs but only the usage of the term "CA" and Keys associated with CA Certificates. Other clarifications for other terms will be addressed in the future.
> We believe that this version, to the best of our knowledge, uses the term "CA", "Root CA", "Root Certificate" and "Subordinate CA Certificate" consistently. If you spot an ambiguity we missed, please let us know.
> We don't need to wait for the re-adoption process of the BRs and EV guidelines in order to discuss this amendment. We hope to complete this discussion process, prepare a proper ballot and once the re-adoption is complete, we can officially submit it for review.
> You may find for more information and comments on the Policy Review WG mailing archive <https://cabforum.org/pipermail/policyreview/>. Here  <https://cabforum.org/pipermail/policyreview/2016-October/000341html>is the latest message on this topic. You are also welcome to comment during slot #6 (Working Group reports) at the F2F.
> Best regards,
> Dimitris Zacharopoulos.
> <BR 1.3.7-with-comments-regarding-CA-subCA-intermediateCA v5.docx>_______________________________________________
> Public mailing list
> Public at cabforum.org
> https://cabforum.org/mailman/listinfo/public

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/public/attachments/20161024/90648778/attachment-0003.html>

More information about the Public mailing list