eIDAS is becoming the only common Law on e-signatures (for the EU) and I'm not aware of any regulation on mandatory CP/CPS structures.

Thanks,
M.D.


On 10/22/2015 8:56 PM, Richard Barnes wrote:
On Thu, Oct 22, 2015 at 1:42 PM, Kathleen Wilson <[email protected]>
wrote:

All,

In section 2.2 of version 1.3 of the CA/Browser Forum's Baseline
Requirements, it says:

"The disclosures MUST include all the material required by RFC 2527 or RFC
3647, and MUST be structured in accordance with either RFC 2527 or RFC
3647."

Some government CAs are bound by local e-signature laws that include a
guideline for the structure of the CPS, which is not in line with RFC 3647.

E-signature seems like a different application from HTTPS.  Are they really
using the same CA for both?  (That seems like a bad idea.)  Or do these
e-signature laws somehow also impinge on web certificates?

--Richard


Would it be reasonable to allow an exception to this rule (structure CPS
according to RFC 3647) for government (non-commercial) CAs that are bound
by local law to use a different structure for their CPS?

Would such an exception require that the CA hierarchy be bound to
certain TLDs (e.g. country-specific, .gov)?

Kathleen

_______________________________________________
dev-security-policy mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-security-policy
