Hi Judith -
The text in question allows a CA to look at a third-party cert associated
with a signature and, if it's issued under an approved framework, the CA can
accept the individual identity attributes in the cert as verified.
When the BR was published it laid out acceptance criteria in
Hi Judith,
As I understand it, the proposed change is purely additive. That is, currently
there are no approved frameworks in the SBRs meaning that there is no way for a
compliant CA to rely upon a digital signature as evidence for the collection of
Individual identity attributes (or any other
Stephen
My primary concern with the proposed change is that once it finds it's way
into the BR, anyone not in the EU will be eliminated from trusting existing
digital signatures as evidence. For example, here in the U.S., the U.S.
Government has an extremely robust digital credential based on a
