> On 4 May 2017, at 12:30 pm, Ryan Sleevi via Public <[email protected]> > wrote: > > Kirk raised that, but it does not seem to be a founded concern. > > 1) That requirement applies to all certificates issued against the current BRs > 2) The BRs do not retroactively invalidate - or, especially in the case of > Ballot 197 - approve - certificate issuance. > > A CA has always and only been obligated to state compliance with the in-force > BRs with respect to issuance and its activities.
In this context, saying the BRs apply to ‘all certificates issued’ might mean that you could no longer issue a certificate against a root without a common name, and so cannot renew any sub-CAs. > On Thu, May 4, 2017 at 3:27 PM, Steve Medin via Public <[email protected] > <mailto:[email protected]>> wrote: > Gerv, could we also request explicit forward-looking language? Kirk raised > the concern about whether this applies to existing roots and intermediates. > We have a root issued in 1997 that does not have a common name. Some > interpretations have been discussed, but we would strongly prefer that this > be written into this change for clear future interpretations. > > > > If I may: > > > > 7.1.4.3. Subject Information – Root Certificates and Subordinate CA > Certificates > > When issuing a Root Certificate or Subordinate CA Certificate, the CA > represents that it followed the procedure set forth in its Certificate Policy > and/or Certification Practice Statement to verify that, as of the > Certificate’s issuance date, all of the Subject Information was accurate and > included the content required by this section.
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ Public mailing list [email protected] https://cabforum.org/mailman/listinfo/public
