Ben,

That language is already in the BRs. It is unchanged in this ballot.

Thanks,
Peter

> On May 5, 2017, at 10:57 AM, Ben Wilson via Public <[email protected]> wrote:
>
> Gerv,
>
> I think this still presents problems for vanity CAs. I can agree with the need to validate the entity in the O field (i.e. that the root CA has permission to create a CA with the sub CA's tradename), but I would want to preserve some flexibility. Right now, the language I'm concerned about says, "This field MUST be present and the contents MUST contain either the Subject CA’s name or DBA as verified under Section 3.2.2.2." How strictly will this be interpreted / applied?
> Also, I assume an internally operated CA with a vanity CA name would still be included in the root CA's audits, but what BR-related obligations might be unintentionally incurred by the entity listed in the O field?
>
> Ben
>
> -----Original Message-----
> From: Gervase Markham [mailto:[email protected]]
> Sent: Friday, May 5, 2017 7:23 AM
> To: Ben Wilson <[email protected]>; CA/Browser Forum Public Discussion List <[email protected]>
> Subject: Re: [cabfpub] Ballot 199 - Require commonName in Root and Intermediate Certificates
>
> On 04/05/17 16:20, Ben Wilson wrote:
>> 1 - Does this ballot rule out “vanity CAs” – CAs with customer names in the subject field, even though the key is held by the root CA? (I can provide further clarification, and/or examples, if necessary.)
>
> I don't think so. It doesn't mandate the contents of the CN field other than a SHOULD-based uniqueness constraint.
>
>> 2- What is the full current wording of Ballot 199?
>
> It is as posted on 25th April, but with a MUST changed to a SHOULD. I will send out a full copy.
>
> Gerv
> _______________________________________________
> Public mailing list
> [email protected]
> https://cabforum.org/mailman/listinfo/public
