On Thu, Oct 22, 2015 at 1:42 PM, Kathleen Wilson <[email protected]> wrote:
> All,
>
> In section 2.2 of version 1.3 of the CA/Browser Forum's Baseline
> Requirements, it says:
>
> "The disclosures MUST include all the material required by RFC 2527 or RFC
> 3647, and MUST be structured in accordance with either RFC 2527 or RFC
> 3647."
>
> Some government CAs are bound by local e-signature laws that include a
> guideline for the structure of the CPS, which is not in line with RFC 3647.
>

E-signature seems like a different application from HTTPS. Are they really using the same CA for both? (That seems like a bad idea.) Or do these e-signature laws somehow also impinge on web certificates?

--Richard

> Would it be reasonable to allow an exception to this rule (structure CPS
> according to RFC 36437) for government (non-commercial) CAs that are bound
> by local law to use a different structure for their CPS?
>
> Would such an exception require that the CA hierarchy be bound to
> certain TLDs (e.g. country-specific, .gov)?
>
> Kathleen
>
> _______________________________________________
> dev-security-policy mailing list
> [email protected]
> https://lists.mozilla.org/listinfo/dev-security-policy

