[cabf_validation] 7.1.2.2.h Subordinate CA Common Name

Ben Wilson ben.wilson at digicert.com
Thu Feb 23 10:04:04 MST 2017


As a follow-up to today's discussion, here is a first draft of an amendment
to the Baseline Requirements that would address the requirement to have a
Common Name in CA certificates.

 

7.1.2.2. Subordinate CA Certificate

h.	Subject Information

The Certificate Subject MUST contain the following:

- countryName (OID 2.5.4.6). This field MUST contain the two-letter ISO
3166-1 country code for the country in which the CA's place of business is
located.

- organizationName (OID 2.5.4.10): This field MUST be present and the
contents MUST contain either the Subject CA's name or DBA as verified under
Section 3.2.2.2. The CA may include information in this field that differs
slightly from the verified name, such as common variations or abbreviations,
provided that the CA documents the difference and any abbreviations used are
locally accepted abbreviations; e.g., if the official record shows "Company
Name Incorporated", the CA MAY use "Company Name Inc." or "Company Name".

- commonName (OID 2.5.4.3):  This field MUST be present for Subordinate CA
Certificates where the corresponding Key Pair is generated after [compliance
date].

 

This raises a question for similar language in section 7.1.2.1.e, Subject
information for Root CA Certificates:

 

e.	Subject Information

The Certificate Subject MUST contain the following:

- countryName (OID 2.5.4.6). This field MUST contain the two-letter ISO
3166-1 country code for the country in which the CA's place of business is
located.

- organizationName (OID 2.5.4.10): This field MUST be present and the
contents MUST contain either the Subject CA's name or DBA as verified under
Section 3.2.2.2. The CA may include information in this field that differs
slightly from the verified name, such as common variations or abbreviations,
provided that the CA documents the difference and any abbreviations used are
locally accepted abbreviations; e.g., if the official record shows "Company
Name Incorporated", the CA MAY use "Company Name Inc." or "Company Name".

- commonName (OID 2.5.4.3):  This field MUST be present for Root CA
Certificates where the corresponding Key Pair is generated after [compliance
date].

 

 

 

Ben Wilson, JD, CISA, CISSP

VP Compliance

+1 801 701 9678
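The Subject rules drafted above can be checked mechanically when a CA certificate is reviewed. The following is an added example, not part of the original message or of the Baseline Requirements; `LintCASubject`, `SampleCA` and the `cnRequired` parameter are hypothetical names, the country check covers only the shape of the value (one two-letter entry), and the caller decides whether the commonName rule applies because the key generation date is not in the certificate.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// LintCASubject checks a CA certificate's Subject against the draft text. cnRequired is
// the caller's call: the key pair's generation date is not recorded in the certificate.
func LintCASubject(c *x509.Certificate, cnRequired bool) []string {
	var findings []string
	if v := c.Subject.Country; len(v) != 1 || len(v[0]) != 2 {
		findings = append(findings, "countryName (2.5.4.6): want one two-letter code")
	}
	if v := c.Subject.Organization; len(v) == 0 || v[0] == "" {
		findings = append(findings, "organizationName (2.5.4.10): missing")
	}
	if cnRequired && c.Subject.CommonName == "" {
		findings = append(findings, "commonName (2.5.4.3): missing")
	}
	return findings
}

// SampleCA self-signs a throwaway CA certificate; subject values are constructed test data.
func SampleCA(country, org, cn string) (*x509.Certificate, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	subj := pkix.Name{Country: []string{country}, Organization: []string{org}, CommonName: cn}
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: subj, IsCA: true,
		BasicConstraintsValid: true, NotBefore: time.Now(), NotAfter: time.Now().Add(time.Hour)}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

func main() {
	if c, err := SampleCA("US", "Example CA Inc.", ""); err == nil {
		fmt.Println(LintCASubject(c, true)) // constructed subject without commonName
	}
}
```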



 
