Hello Matthias! > From: Matthias van de Meent <[email protected]> > Sent: Friday, 25 March 2022 18:24 > Subject: Re: Public Discussion of DigiCert's Inclusion Request > > I have several reasons why I think "white label" CAs (as seen in [0]) don't > fit the BR: > > 1.) Misleading > > I think that "white label" CAs are at the very least misleading if the "white > labeled CA" 's > certificate contains no clear indication that this CA is not operated by the > subject of the certificate.
There is a very clear indication: the CP field of the certificate includes a link to a CP/CPS. This CP/CPS describes who the operator of the CA is. I believe that we can expect someone who wants to dive so deep into the heart of the operating model of the publicly trusted PKI ecosystem to understand the meaning of the CP field of a certificate. /Rufus -- You received this message because you are subscribed to the Google Groups "[email protected]" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/AM8PR10MB4658487EE7BB074E0318B9E09E1D9%40AM8PR10MB4658.EURPRD10.PROD.OUTLOOK.COM.
