[cabf_validation] Enterprise RA and EV CRL Checking

Adriano Santoni adriano.santoni at staff.aruba.it
Thu Feb 24 08:14:49 UTC 2022

I take this opportunity to say that the words "at third and higher 
domain levels" seems rather ambiguous to me. I suppose that, here, it is 
implied that the second level is the one directly allocated/assigned to 
the Subscriber, but this is not necessarily a second level in the strict 
sense as it depends on the length (number of labels) that make up the 
public suffix. Unless I am misunderstanding those words.


Il 23/02/2022 20:39, Bruce Morton via Validation ha scritto:
> I have a couple of low priority items which I would just like to table.
> Enterprise RA and Enterprise EV RA
>   * BR Enterprise RA definition - An employee or agent of an
>     organization unaffiliated with the CA who authorizes issuance of
>     Certificates to that organization.
>   * EVG Enterprise EV RA definition - An RA that is authorized by the
>     CA to authorize the CA to issue EV Certificates at third and
>     higher domain levels.
>   * Although EVG has added “EV” to the definition, the EVGs never
>     reference “Enterprise EV RA”, but only “ Enterprise RA”.
>   * As I assume that the CAs use the Enterprise RA to perform the same
>     function, can we consolidate the definition and only include the
>     definition in the BRs?
> EV CRL Checking:
>   * EVG 13 states “CAs MUST ensure that CRLs for an EV Certificate
>     chain can be downloaded in no more than three (3) seconds over an
>     analog telephone line under normal network conditions.”
>   * This requirement was in draft 11 in 2007. I believe that it was
>     added to support dial up Windows users.
>   * Is it possible that we could drop this requirement and only
>     require BR 4.9?
> Thanks, Bruce.
> /Any email and files/attachments transmitted with it are confidential 
> and are intended solely for the use of the individual or entity to 
> whom they are addressed. If this message has been sent to you in 
> error, you must not copy, distribute or disclose of the information it 
> contains. _Please notify Entrust immediately_ and delete the message 
> from your system./
> _______________________________________________
> Validation mailing list
> Validation at cabforum.org
> https://lists.cabforum.org/mailman/listinfo/validation
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/validation/attachments/20220224/bfeada8d/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4557 bytes
Desc: Firma crittografica S/MIME
URL: <http://lists.cabforum.org/pipermail/validation/attachments/20220224/bfeada8d/attachment-0001.p7s>

More information about the Validation mailing list