Well, I was discussing in the broader context :)
For example, you "could" simply indicate
BRComplianceDetails ::= SEQUENCE {
version OBJECT IDENTIFIER,
validationMethod INTEGER
}
As an extension
There are, of course, more efficient ways to structure this data (for
example, expandable enum of INTEGER values for version). I just provided
this as a quick and dirty example of how you could provide this information
within a certificate in a clear and auditable way. It could allow, for
example, auditors to ensure that their random sampling methodology
appropriately covered all validation methods the CA practiced, without
undermining the purpose and value of sampling.
On Mon, May 1, 2017 at 11:13 AM, Jeremy Rowley <[email protected]>
wrote:
> How does this work if the intermediate doesn't contain the anyPolicy OID?
>
> -----Original Message-----
> From: Public [mailto:[email protected]] On Behalf Of Gervase
> Markham via Public
> Sent: Monday, May 1, 2017 9:08 AM
> To: Ryan Sleevi <[email protected]>; CA/Browser Forum Public Discussion
> List
> <[email protected]>
> Cc: Gervase Markham <[email protected]>
> Subject: Re: [cabfpub] Ballot 190
>
> On 01/05/17 16:02, Ryan Sleevi wrote:
> > I did. It allows users to make an informed decision of the
> > trustworthiness of the information presented in the certificate, much
> > like EV policy OIDs and OV policy OIDs reportedly provide a stronger
> > level of assertion.
>
> Did you anticipate a marker both for the validation method and also for the
> version of the BRs used? Both would be needed to pin it down exactly.
>
> Gerv
> _______________________________________________
> Public mailing list
> [email protected]
> https://cabforum.org/mailman/listinfo/public
>
_______________________________________________
Public mailing list
[email protected]
https://cabforum.org/mailman/listinfo/public
