RE: Name issues in public certificates

2015-11-19 Thread Robin Alden
Peter said.. > While I realize that it is not clear cut in many contexts, RFC 5280 is > rather clear cut. The authors clearly wanted to avoid stumbling and > being eaten by a grue, so they wrote: > >When the subjectAltName extension contains a domain name system >label, the domain name

Re: Certum Root Renewal Request

2015-11-19 Thread arkadiusz . lawniczak
Hi We've provided code signing certificates to our customers for many years. Also, at this time, the new root CTNCA 2 is going to be used for this purpose. When it comes to a specific group of customers, I would say it appears that we don't have customers who need to use our root from NSS root

Policy Update Proposal: Require full CP/CPS in English

2015-11-19 Thread Kathleen Wilson
I would like to discuss this proposal[1] next: - (D26) Add a requirement for CAs to provide English-translated versions of their complete CP / CPS I think we would have to narrow it down a bit, because some CAs have several CP/CPS documents for their various product offerings, not related

Re: Name issues in public certificates

2015-11-19 Thread Peter Bowen
On Thu, Nov 19, 2015 at 4:26 PM, Brian Smith wrote: > Peter Bowen wrote: >> >> Robin Alden wrote: >> Given that it doesn't, but that that the BRs say "MUST be either a >> dNSName containing the Fully‐Qualified Domain Name or an

Re: Certum Root Renewal Request

2015-11-19 Thread Kathleen Wilson
On 10/21/15 12:28 PM, Kathleen Wilson wrote: On 10/1/15 3:44 PM, Kathleen Wilson wrote: Unizeto Certum has applied to include the “Certum Trusted Network CA 2” root certificate, turn on all three trust bits, and enable EV treatment. This is the next generation of the “Certum Trusted Network CA”

Re: Name issues in public certificates

2015-11-19 Thread Peter Bowen
On Thu, Nov 19, 2015 at 11:57 AM, Robin Alden wrote: > Peter said.. >> While I realize that it is not clear cut in many contexts, RFC 5280 is >> rather clear cut. The authors clearly wanted to avoid stumbling and >> being eaten by a grue, so they wrote: >> >>When the

Re: Policy Update Proposal: Require full CP/CPS in English

2015-11-19 Thread Matt Palmer
On Thu, Nov 19, 2015 at 05:00:03PM -0800, Kathleen Wilson wrote: > Insert 3rd bullet point: > "- translate into English the Certificate Policy and Certification Practice > Statement documents pertaining to the certificates to be included and the > trust bits to be enabled;" > > I will appreciate

Re: SECOM Request for EV Treatment

2015-11-19 Thread h-kamo
2015年11月13日金曜日 23時27分46秒 UTC+9 Kathleen Wilson: > On 11/13/15 5:43 AM, Peter Kurrasch wrote: > > Kathleen, is SECOM getting special treatment? I was wondering if there was > > some reason to move forward before a CA has everything in order? Will we be > > seeing more of this going forward? > > >

Re: Name issues in public certificates

2015-11-19 Thread Patrick T
On Tuesday, 17 November 2015 08:04:41 UTC, Peter Bowen wrote: > Inspired by Rob Stradling's work > (https://cabforum.org/pipermail/public/2015-November/006269.html), I > wrote a quick tool to check that commonNames and Subject Alternative > Names in server auth certificates issued by public CAs