According to https://docs.google.com/document/d/1S3u0-_YACA7m-3LPpjE-t4WCh2cww_SQFh2C9DJeXHA/edit?tab=t.0 the "Subordinate CA Owner" field means:
"This is the Subordinate CA's name as it appears in the provided audit statements. CA Owners are to leave it blank if BOTH control of the private key AND domain/IP/email validation activities are performed by the organization listed in the audit statement of the parent certificate." First, "if" should be "if and only if". Otherwise, a CA is free to leave it blank even if a different organization controls the private key, which I don't think is the intent. Second, is this Google Doc considered part of the CCADB Policy? If not, the above passage should be added to the CCADB Policy so that CAs are actually required to follow it. Finally, is there any automated enforcement (e.g. Audit Letter Validation) to ensure that CAs are populating this field (or leaving it blank) correctly? Regards, Andrew -- You received this message because you are subscribed to the Google Groups "CCADB Public" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion visit https://groups.google.com/a/ccadb.org/d/msgid/public/20250925095032.42b5662fb13914039c8b3df3%40andrewayer.name.
