> This raises a question about the MDSP policy and CAB Forum requirements. Who > is the subscriber in the reseller relation? We believe this to be the key > holder. However, the language is unclear.
‘Subscriber’ is a defined term in the BRs: Subscriber: A natural person or Legal Entity to whom a Certificate is issued and who is legally bound by a Subscriber Agreement or Terms of Use. That’s pretty clear and can’t be stretched to cover a reseller—a reseller won’t be able to comply with a Subscriber Agreement. > At this time, Trustico has not provided any information about how these > certificates were compromised or how they acquired the private keys. One question I would have is whether Trustico is in compliance with 6.1.2, "Parties other than the Subscriber SHALL NOT archive the Subscriber Private Key without authorization by the Subscriber.”
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ Public mailing list [email protected] https://cabforum.org/mailman/listinfo/public
