On 26/06/2017 23:53, Moudrick M. Dadashov wrote:
Hi Gerv,
FYI: ETSI TS 119 612 V2.2.1 (2016-04), Electronic Signatures and
Infrastructures (ESI); Trusted Lists
http://www.etsi.org/deliver/etsi_ts/119600_119699/119612/02.02.01_60/ts_119612v020201p.pdf
Having skimmed through this document, I find that particular format
unsuited for general use, due to the following issues:
- Excessive inclusion of information duplicated from the certificates
themselves.
- Complete repetition of all information for any root that is trusted
for multiple purposes.
- The use of long ETSI/EU-specific uris to specify simply things such as
"trusted"/"not trusted".
- Apparent lack of syntax for specifying scopes that are global but do
not represent a global authority (such as the UN).
- A notable lack of fields to represent the trust data that real world
commercial root programs typically need to specify for trusted CA
certs.
- The apparent need to go through ETSI-specific registration procedures
to add "extensions" and/or "identifiers" for anything missing.
- Mandatory provision of snail-mail technical support.
- EU specific oddities, such as alternative identifiers for some some EU
member states.
That said, it could provide some inspiration.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy