On 1/3/2017 10:22 πμ, Ryan Sleevi wrote:
On Tue, Feb 28, 2017 at 11:36 PM, Dimitris Zacharopoulos via Public <[email protected] <mailto:[email protected]>> wrote:Perhaps changing the "Root CA Certificate" as "A CA Certificate in which the Public Key has been digitally signed by its corresponding Private Key with the intention to be distributed by Application Software Suppliers as a trust anchor". Would that work?I think this would be a step in the wrong direction. As we know from the discussions about the scope of the BRs, "intent" is something that is hard to audit and hard to document. We should avoid such definitions, and focus on clear technical definitions.
I agree with the general concept but this is a special case because when you perform a Root Key Ceremony, the CA Certificate is not part of any Trust store. Any language that would make this better is welcome.
Dimitris.
_______________________________________________ Public mailing list [email protected] https://cabforum.org/mailman/listinfo/public
