All,
The Policy Review Working Group has been reviewing the use of the term
"Certification Authority" in the BRs and is now considering adopting a
use of the term "Trust Service Provider", which is included in ISO 21188
(referenced by WebTrust for CAs) and ETSI definitions. In general, the
term "CA" might be used for the more technical systems for issuing and
revoking certificates, while Trust Service Providers could be used for
recognizing that a party could operate multiple CAs with different policies.
A proposed definition of "*Certification Authority (CA)*" is "a
technical certificate generation service that is trusted by one or more
entities to create, sign, revoke, and provide status information for
public key certificates and is operated by a Trust Service Provider."
"*Trust Service Provider (TSP)*" would be defined as "an organization
providing trust services, through a number of Certification Authorities,
to their customers who may act as Subscribers or Relying Parties."
The goal of the WG is to modify the BRs to be clearer on the use of
terms, but not otherwise to change any rules. By defining "CA" as the
technical entity and "TSP" as the provider, we think we can minimize the
number of changes while clarifying the Baseline Requirements.
We invite your comments on this topic.
Dimitris.
_______________________________________________
Public mailing list
[email protected]
https://cabforum.org/mailman/listinfo/public
