Hi Rolf,

Thank you for taking your time here. Please allow me a few more questions...

On 03/23/2009 07:14 PM, Rolf Lindemann:
1. General description of the sub-CAs operated by third parties.
-->  This sub-CA 1 is used to issue certificates to company internal devices.
All relying parties are company internal.

Can you explain in more depth how exactly the relying parties remain company internal?
Does this apply to all sub CAs which potentially may appear in the future?
How are the CA certificates protected?
Can this CA potentially issue to any other entity beyond the company internal usage?

        * domain ownership/control

-->  Certificates are issued only company internal and all relying parties are 
only company internal, so domain ownership/control need not be verified.

Even though this appears to be a special situation - not withholding the questions above - this would in fact not conform to the Mozilla CA Policy requirements.

        * email address ownership/control

 Certificates are issued to company internal devices and all relying parties 
are only company internal.

The same here.

2. The CP/CPS that the sub-CAs are required to follow.
-->  The sub-CA 2 is required to follow the TC TrustCenter CPD.

How do you make reasonably sure that the requirement is kept?

5. Description of audit requirements for sub-CAs (typically in the CP or CPS)
           * Whether or not the root CA audit includes the sub-CAs.
           * Who can perform the audits for sub-CAs.
           * Frequency of the audits for sub-CAs.

These requirements apply to the Root and are covered by TC TrustCenter's
CPS.

In other words, no such requirements exist for the sub CA?


--
Regards

Signer: Eddy Nigg, StartCom Ltd.
Jabber: start...@startcom.org
Blog:   https://blog.startcom.org


--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
