Re: Question about Baseline Requirements section #7.1.4.2

On Wed, Feb 8, 2017 at 4:28 AM, Gervase Markham wrote: > On 24/01/17 00:01, Peter Bowen wrote: >> I agree that the BRs could be clearer, but it seems to me that the >> only requirements are country and organization name. > > Hi Peter, > > Can you point me at which section requires those two fields

Re: Question about Baseline Requirements section #7.1.4.2

On 24/01/17 00:01, Peter Bowen wrote: > I agree that the BRs could be clearer, but it seems to me that the > only requirements are country and organization name. Hi Peter, Can you point me at which section requires those two fields? Thanks, Gerv ___ d

Re: Question about Baseline Requirements section #7.1.4.2

On 24/01/17 19:09, Kathleen Wilson wrote: > Gerv, I'm assuming that you will handle the policy (or BR?) update > regarding the requirement for subject commonName to be present when > basicConstraints:cA is true. I think this would be best as an update to the BRs. However, we are expecting a flood

Re: Question about Baseline Requirements section #7.1.4.2

On 25/1/2017 1:40 μμ, Dimitris Zacharopoulos wrote: On 25/1/2017 1:25 μμ, Gervase Markham wrote: On 24/01/17 06:50, Dimitris Zacharopoulos wrote: The CA/B Forum Policy Review WG made some effort to clarify this by merging info

Re: Question about Baseline Requirements section #7.1.4.2

On 25/1/2017 1:40 μμ, Dimitris Zacharopoulos wrote: On 25/1/2017 1:25 μμ, Gervase Markham wrote: On 24/01/17 06:50, Dimitris Zacharopoulos wrote: The CA/B Forum Policy Review WG made some effort to clarify this by merging info

Re: Question about Baseline Requirements section #7.1.4.2

On 25/1/2017 1:25 μμ, Gervase Markham wrote: On 24/01/17 06:50, Dimitris Zacharopoulos wrote: The CA/B Forum Policy Review WG made some effort to clarify this by merging information between these sections, but there was not eno

Re: Question about Baseline Requirements section #7.1.4.2

On 24/01/17 06:50, Dimitris Zacharopoulos wrote: > The CA/B Forum Policy Review WG made some effort > to > clarify this by merging information between these sections, but there > was not enough support to proceed. Dean's summary

Re: Question about Baseline Requirements section #7.1.4.2

On 24/01/2017 22:47, Kurt Roeckx wrote: On Mon, Jan 23, 2017 at 04:01:58PM -0800, Peter Bowen wrote: On Mon, Jan 23, 2017 at 3:32 PM, Kathleen Wilson wrote: Does section 7.1.4.2 of the CA/Browser Forum's Baseline Requirements only apply to end-entity certificates? If yes, where does it speci

Re: Question about Baseline Requirements section #7.1.4.2

On Mon, Jan 23, 2017 at 04:01:58PM -0800, Peter Bowen wrote: > On Mon, Jan 23, 2017 at 3:32 PM, Kathleen Wilson wrote: > > Does section 7.1.4.2 of the CA/Browser Forum's Baseline Requirements only > > apply to end-entity certificates? > > > > If yes, where does it specify that in the document? >

Re: Question about Baseline Requirements section #7.1.4.2

Thanks, everyone, for your quick response. I have updated the following to indicate that section 7.1.4.2 of the BRs only applies to end-entity certs. https://bugzilla.mozilla.org/show_bug.cgi?id=1099311#c19 https://github.com/kroeckx/x509lint/issues/18 https://wiki.mozilla.org/CA:TestErrors#CA.2

Re: Question about Baseline Requirements section #7.1.4.2

On Tue, Jan 24, 2017 at 8:05 AM, Gervase Markham wrote: > On 24/01/17 15:48, Peter Bowen wrote: >> I think it would be completely reasonable for Mozilla to require a >> commonName in an update to the policy. I thought it was there, but a >> CA pushed back on a cablint error about not having one a

Re: Question about Baseline Requirements section #7.1.4.2

On 24/01/17 15:48, Peter Bowen wrote: > I think it would be completely reasonable for Mozilla to require a > commonName in an update to the policy. I thought it was there, but a > CA pushed back on a cablint error about not having one a while ago and > I wasn't able to find any proof it was requir

Re: Question about Baseline Requirements section #7.1.4.2

On Tue, Jan 24, 2017 at 12:28 AM, Inigo Barreira wrote: > Yes, I´m also agree. This was also taken into account when writting the ETSI > standards, and for the CA certs, the minumun is what Peter has indicated > plus the common name. We indicate that "... shall contain at least the > following att

RE: Question about Baseline Requirements section #7.1.4.2

ubject: Re: Question about Baseline Requirements section #7.1.4.2 On Mon, Jan 23, 2017 at 3:32 PM, Kathleen Wilson wrote: > Does section 7.1.4.2 of the CA/Browser Forum's Baseline Requirements only apply to end-entity certificates? > > If yes, where does it specify that in the document?

Re: Question about Baseline Requirements section #7.1.4.2

On 24/1/2017 2:01 πμ, Peter Bowen wrote: On Mon, Jan 23, 2017 at 3:32 PM, Kathleen Wilson wrote: Does section 7.1.4.2 of the CA/Browser Forum's Baseline Requirements only apply to end-entity certificates? If yes, where does it specify that in the document? This has come up in a few CA reques

Re: Question about Baseline Requirements section #7.1.4.2

On Mon, Jan 23, 2017 at 3:32 PM, Kathleen Wilson wrote: > Does section 7.1.4.2 of the CA/Browser Forum's Baseline Requirements only > apply to end-entity certificates? > > If yes, where does it specify that in the document? > > This has come up in a few CA requests, due to errors we get when we r

Question about Baseline Requirements section #7.1.4.2

All, Does section 7.1.4.2 of the CA/Browser Forum's Baseline Requirements only apply to end-entity certificates? If yes, where does it specify that in the document? This has come up in a few CA requests, due to errors we get when we run Kurt's x509lint test. Example: https://github.com/kroeck