“The certificate request MAY include all factual information about the Applicant to be included in the Certificate, and such additional information as is necessary for the CA to obtain from the Applicant in order to comply with these Requirements and the CA’s Certificate Policy and/or Certification Practice Statement.”
* This indicates a certificate request may include partial information. “ In cases where the certificate request does not contain all the necessary information about the Applicant, the CA SHALL obtain the remaining information from the Applicant or, having obtained it from a reliable, independent, third‐party data source, confirm it with the Applicant. The CA SHALL establish and follow a documented procedure for verifying all data requested for inclusion in the Certificate by the Applicant. Applicant information MUST include, but not be limited to, at least one Fully‐Qualified Domain Name or IP address to be included in the Certificate’s SubjectAltName extension.” * The CA can get additional information as necessary to support the issuance. The only information required is at least one FQDN. Provided one FQDN is provided, the rest of the information can be obtained by the CA after the initial request. Information obtained after the request may include the date to issue the certificate and additional FQDNs. From: Public [mailto:[email protected]] On Behalf Of Ryan Sleevi via Public Sent: Friday, May 19, 2017 6:48 PM To: Jeremy Rowley <[email protected]> Cc: Ryan Sleevi <[email protected]>; CA/Browser Forum Public Discussion List <[email protected]> Subject: Re: [cabfpub] Preballot - Revised Ballot 190 On Fri, May 19, 2017 at 8:45 PM, Jeremy Rowley <[email protected] <mailto:[email protected]> > wrote: A slightly different third interpretation: - Obtaining a partial request (under 4.2.1, the certificate request does not contain all necessary information…) How is the notion of "partial request" supported, in light of 4.1.2? If we support the notion of "partial request", then what is the absolute minimum amount of information to distinguish that from "no request"? I don't disagree we can come up with lots of words for those things, but I don't see how they're supported :)
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ Public mailing list [email protected] https://cabforum.org/mailman/listinfo/public
