[cabfpub] Ballot 188 - Clarify use of term "CA" in Baseline Requirements
Dimitris Zacharopoulos
jimmy at it.auth.gr
Wed Mar 1 08:43:23 UTC 2017
On 1/3/2017 10:22 πμ, Ryan Sleevi wrote:
>
>
> On Tue, Feb 28, 2017 at 11:36 PM, Dimitris Zacharopoulos via Public
> <public at cabforum.org <mailto:public at cabforum.org>> wrote:
>
> Perhaps changing the "Root CA Certificate" as "A CA Certificate in
> which the Public Key has been digitally signed by its
> corresponding Private Key with the intention to be distributed by
> Application Software Suppliers as a trust anchor". Would that work?
>
>
> I think this would be a step in the wrong direction. As we know from
> the discussions about the scope of the BRs, "intent" is something that
> is hard to audit and hard to document. We should avoid such
> definitions, and focus on clear technical definitions.
I agree with the general concept but this is a special case because when
you perform a Root Key Ceremony, the CA Certificate is not part of any
Trust store. Any language that would make this better is welcome.
Dimitris.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/public/attachments/20170301/c267c9f7/attachment-0003.html>
More information about the Public
mailing list