Should we include the domain name in that sequence so it’s not ordered?

Such as:

BRComplianceDetails ::= SEQUENCE {
    dNSName             IA5String,
    version             OBJECT IDENTIFIER,
    validationMethod    INTEGER
}

From: Ryan Sleevi [mailto:[email protected]] 
Sent: Monday, May 1, 2017 9:18 AM
To: Jeremy Rowley <[email protected]>
Cc: CA/Browser Forum Public Discussion List <[email protected]>; Gervase 
Markham <[email protected]>
Subject: Re: [cabfpub] Ballot 190

Well, I was discussing in the broader context :)

For example, you "could" simply indicate

BRComplianceDetails ::= SEQUENCE {
  version           OBJECT IDENTIFIER,
  validationMethod  INTEGER
}

As an extension

There are, of course, more efficient ways to structure this data (for example, 
expandable enum of INTEGER values for version). I just provided this as a quick 
and dirty example of how you could provide this information within a 
certificate in a clear and auditable way. It could allow, for example, auditors 
to ensure that their random sampling methodology appropriately covered all 
validation methods the CA practiced, without undermining the purpose and value 
of sampling.

On Mon, May 1, 2017 at 11:13 AM, Jeremy Rowley <[email protected]> wrote:

How does this work if the intermediate doesn't contain the anyPolicy OID?

-----Original Message-----
From: Public [mailto:[email protected]] On Behalf Of Gervase Markham via Public
Sent: Monday, May 1, 2017 9:08 AM
To: Ryan Sleevi <[email protected]>; CA/Browser Forum Public Discussion List <[email protected]>
Cc: Gervase Markham <[email protected]>
Subject: Re: [cabfpub] Ballot 190

On 01/05/17 16:02, Ryan Sleevi wrote:
> I did. It allows users to make an informed decision of the
> trustworthiness of the information presented in the certificate, much
> like EV policy OIDs and OV policy OIDs reportedly provide a stronger
> level of assertion.

Did you anticipate a marker both for the validation method and also for the
version of the BRs used? Both would be needed to pin it down exactly.

Gerv

_______________________________________________
Public mailing list
[email protected]
https://cabforum.org/mailman/listinfo/public
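
The three-field BRComplianceDetails structure discussed in this thread, as an added example that is not part of any message above: a small DER encoder and decoder for it, plus the per-method tally an auditor could run over a sample of certificates. The OID, the validationMethod numbers, the host names and all function names are constructed placeholders (the thread assigns none of them), and only short-form DER lengths (values under 128 bytes) are handled.

```python
from collections import Counter
# Assumption: placeholder OID for a BR version; the thread assigns no OIDs.
PLACEHOLDER_BR_VERSION_OID = "1.3.6.1.4.1.99999.1.1"

def tlv(tag, body):
    if len(body) >= 0x80:
        raise ValueError("long-form DER lengths are outside this example")
    return bytes([tag, len(body)]) + body

def enc_oid(dotted):
    arcs = [int(a) for a in dotted.split(".")]
    body = bytearray([40 * arcs[0] + arcs[1]])  # first two arcs share one byte
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        while arc := arc >> 7:
            chunk.insert(0, 0x80 | (arc & 0x7F))  # base-128, high bit = more follows
        body += bytes(chunk)
    return tlv(0x06, bytes(body))

def dec_oid(body):
    arcs, val = [body[0] // 40, body[0] % 40], 0  # assumes first arc is 0 or 1
    for b in body[1:]:
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs, val = arcs + [val], 0
    return ".".join(map(str, arcs))

def read_tlv(buf, pos):
    if pos + 2 > len(buf) or buf[pos + 1] & 0x80 or pos + 2 + buf[pos + 1] > len(buf):
        raise ValueError("truncated or long-form TLV")
    return buf[pos], buf[pos + 2:pos + 2 + buf[pos + 1]], pos + 2 + buf[pos + 1]

def encode_details(dns_name, version_oid, method):
    integer = method.to_bytes(method.bit_length() // 8 + 1, "big")  # non-negative INTEGER
    return tlv(0x30, tlv(0x16, dns_name.encode("ascii")) + enc_oid(version_oid) + tlv(0x02, integer))

def decode_details(der):
    tag, seq, end = read_tlv(der, 0)
    t1, name, p = read_tlv(seq, 0)
    t2, oid, p = read_tlv(seq, p)
    t3, num, p = read_tlv(seq, p)
    if (tag, t1, t2, t3) != (0x30, 0x16, 0x06, 0x02) or end != len(der) or p != len(seq):
        raise ValueError("not a BRComplianceDetails SEQUENCE")
    return name.decode("ascii"), dec_oid(oid), int.from_bytes(num, "big", signed=True)

def methods_covered(ders):
    return Counter(decode_details(d)[2] for d in ders)  # tally per validationMethod

SAMPLE = [encode_details(n, PLACEHOLDER_BR_VERSION_OID, m)  # constructed names and methods
          for n, m in [("example.com", 4), ("example.net", 4), ("example.org", 7)]]
```

Running `methods_covered(SAMPLE)` gives the count of sampled certificates per validation method, which is the coverage check the thread suggests an auditor could make.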

 
