On Monday, 30 January 2017 11:10:00 UTC, Gervase Markham wrote: > Could you point is at the parts of the CPS or other documents which led > you to that belief?
I examined a great many documents since Andrew's initial report. I think the document which originally caused me to form this incorrect assumption was CrossCert Certification Practice Statement Version 3.8.8 Effective Date: JUNE 29, 2012 this file was available from http://www.crosscert.com/symantec/certificationeng.pdf and is linked from the 2016 WebTrust audit report for CrossCert This document (which I will call CPS 3.8.8) contains a section 3.1.1 Type of Names which asserts "End-user Subscriber Certificates contain an X.501 distinguished name in the Subject name field and consist of the components specified in Table 5 below." Table 5 in CPS 3.8.8 says that the attribute Country (C) shall have the value “KR” or not used. It seemed to me that this document established that as a Relying Party I should conclude an end entity certificate with C=BD is not from CrossCert. Perhaps there's _another_ CPS somewhere else that says otherwise ? _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy