[cabf_validation] Subject/Subscriber Relationship in BRs
Rick Andrews
Rick_Andrews at symantec.com
Thu Mar 24 09:34:09 MST 2016
I don't think so. We got pretty deep into one issue, whether the CA needs to know if they're dealing with a hosting company or reseller, and prohibit the use of the random value method in that case. Not sure we satisfactorily resolved that.
-Rick
-----Original Message-----
From: validation-bounces at cabforum.org [mailto:validation-bounces at cabforum.org] On Behalf Of kirk_hall at trendmicro.com
Sent: Thursday, March 24, 2016 9:02 AM
To: Peter Bowen <pzb at amzn.com>; validation at cabforum.org
Subject: Re: [cabf_validation] Subject/Subscriber Relationship in BRs
My apologies for missing the call this morning. Where are we at? Can we provide an update (and new draft) to the Forum at next Thursday's call?
-----Original Message-----
From: validation-bounces at cabforum.org [mailto:validation-bounces at cabforum.org] On Behalf Of Peter Bowen
Sent: Thursday, March 24, 2016 8:50 AM
To: validation at cabforum.org
Subject: [cabf_validation] Subject/Subscriber Relationship in BRs
As discussed on the call there are several parts of the BRs that either say or strongly imply that the Subject and Subscriber must be the same entity. If we want to allow them to be different unrelated entities, then several items will need to be changed.
“The Subject is either the Subscriber or a device under the control and operation of the Subscriber.” (BR §1.6.1 “Subject”) This seems very clear.
“Applicant: The natural person or Legal Entity that applies for (or seeks renewal of) a Certificate. Once the Certificate issues, the Applicant is referred to as the Subscriber” (BR §1.6.1 “Applicant”) This makes it clear that the terms Applicant and Subscriber refer to the same entity.
“If the Subject Identity Information is to include the name or address of an organization, the CA SHALL verify the identity and address of the organization and that the address is the Applicant’s (Subscriber’s) address of existence or operation.” (BR §3.2.2.1) The Applicant/Subscriber and Subject have to share a postal address.
“If the Subject Identity Information is to include a DBA or tradename, the CA SHALL verify the Applicant’s (Subscriber’s) right to use the DBA/tradename” (BR §3.2.2.2)
“the CA implemented a procedure for verifying that the Subject authorized the issuance of the Certificate and that the Applicant (Subscriber) Representative is authorized to request the Certificate on behalf of the Subject” (BR §9.6.1 #2) I think this is neutral — Company A could authorize Company B to use their name to get a certificate
_______________________________________________
Validation mailing list
Validation at cabforum.org
https://cabforum.org/mailman/listinfo/validation