Re: Question about Baseline Requirements section #7.1.4.2

On 24/01/17 00:01, Peter Bowen wrote: > I agree that the BRs could be clearer, but it seems to me that the > only requirements are country and organization name. Hi Peter, Can you point me at which section requires those two fields? Thanks, Gerv ___

Re: Question about Baseline Requirements section #7.1.4.2

On 25/1/2017 1:40 μμ, Dimitris Zacharopoulos wrote: On 25/1/2017 1:25 μμ, Gervase Markham wrote: On 24/01/17 06:50, Dimitris Zacharopoulos wrote: The CA/B Forum Policy Review WG made some effort to clarify this by merging

Re: Question about Baseline Requirements section #7.1.4.2

On 25/1/2017 1:25 μμ, Gervase Markham wrote: On 24/01/17 06:50, Dimitris Zacharopoulos wrote: The CA/B Forum Policy Review WG made some effort to clarify this by merging information between these sections, but there was not

Re: Question about Baseline Requirements section #7.1.4.2

On 24/01/17 06:50, Dimitris Zacharopoulos wrote: > The CA/B Forum Policy Review WG made some effort > to > clarify this by merging information between these sections, but there > was not enough support to proceed. Dean's summary

Re: Question about Baseline Requirements section #7.1.4.2

On Mon, Jan 23, 2017 at 04:01:58PM -0800, Peter Bowen wrote: > On Mon, Jan 23, 2017 at 3:32 PM, Kathleen Wilson wrote: > > Does section 7.1.4.2 of the CA/Browser Forum's Baseline Requirements only > > apply to end-entity certificates? > > > > If yes, where does it specify

Re: Question about Baseline Requirements section #7.1.4.2

On Tue, Jan 24, 2017 at 8:05 AM, Gervase Markham wrote: > On 24/01/17 15:48, Peter Bowen wrote: >> I think it would be completely reasonable for Mozilla to require a >> commonName in an update to the policy. I thought it was there, but a >> CA pushed back on a cablint error

Re: Question about Baseline Requirements section #7.1.4.2

On 24/01/17 15:48, Peter Bowen wrote: > I think it would be completely reasonable for Mozilla to require a > commonName in an update to the policy. I thought it was there, but a > CA pushed back on a cablint error about not having one a while ago and > I wasn't able to find any proof it was

Re: Question about Baseline Requirements section #7.1.4.2

On Tue, Jan 24, 2017 at 12:28 AM, Inigo Barreira wrote: > Yes, I´m also agree. This was also taken into account when writting the ETSI > standards, and for the CA certs, the minumun is what Peter has indicated > plus the common name. We indicate that "... shall contain at

RE: Question about Baseline Requirements section #7.1.4.2

dev-security-pol...@lists.mozilla.org Subject: Re: Question about Baseline Requirements section #7.1.4.2 On Mon, Jan 23, 2017 at 3:32 PM, Kathleen Wilson <kwil...@mozilla.com> wrote: > Does section 7.1.4.2 of the CA/Browser Forum's Baseline Requirements only apply to end-entity certificates? > >

Re: Question about Baseline Requirements section #7.1.4.2

On Mon, Jan 23, 2017 at 3:32 PM, Kathleen Wilson wrote: > Does section 7.1.4.2 of the CA/Browser Forum's Baseline Requirements only > apply to end-entity certificates? > > If yes, where does it specify that in the document? > > This has come up in a few CA requests, due to

Question about Baseline Requirements section #7.1.4.2

All, Does section 7.1.4.2 of the CA/Browser Forum's Baseline Requirements only apply to end-entity certificates? If yes, where does it specify that in the document? This has come up in a few CA requests, due to errors we get when we run Kurt's x509lint test. Example: