Sharing comments to the list per Tim saying that would be okay.

---------- Forwarded message ---------
From: Tim Hollebeek <tim.holleb...@digicert.com>
Date: Mon, Sep 23, 2019 at 3:56 PM
Subject: RE: EV ACME
To: Kathleen Moriarty <kathleen.moriarty.i...@gmail.com>

1. Introduction
   “Code SIgning” -> “Code Signing”
   I don’t usually think of code signing being a subset of client certificates. I usually limit it to the Client Authentication EKU.

1. Top of page four: stray ? at end of line

2. Part 5: EV code signing certificates have a distinct set of requirements from EV web certificates. In particular, they don’t have associated domain names, nor is CAA checking done. It’s not entirely clear how it could be done, as the certificate links a public key to an organization, not a domain.

1. Lifetimes are less of an issue for code-signing certificates, but there is a legitimate use case for “one signature per certificate”, which also requires fast and easy issuance. Having only one signature per certificate makes it possible to revoke individual signatures. This should probably be discussed somewhere.

*From:* Kathleen Moriarty <kathleen.moriarty.i...@gmail.com>
*Sent:* Friday, September 20, 2019 11:10 AM
*To:* Tim Hollebeek <tim.holleb...@digicert.com>
*Subject:* Re: EV ACME

Hi Tim,

Are you interested to help still with the ACME client draft? Would you like to send additions or changes, or work from the file?

Thank you,
Kathleen

_______________________________________________
Acme mailing list
Acme@ietf.org
https://www.ietf.org/mailman/listinfo/acme