Re: Organization Identifier field in the Extended Validation certificates according to the EVG ver. 1.6.9

2019-04-18 Thread Sándor dr . Szőke via dev-security-policy
> > Hopefully that made sense?

Thanks for the information, the situation is not so bad as we thought before. If I understand well, the same intermediate CA may issue EV and OV certificates, but the proper CP OID shall be included in the TLS certificate. It means that the service provider

Re: Organization Identifier field in the Extended Validation certificates according to the EVG ver. 1.6.9

2019-04-18 Thread Ryan Sleevi via dev-security-policy
On Thu, Apr 18, 2019 at 9:56 AM Sándor dr. Szőke via dev-security-policy <dev-security-policy@lists.mozilla.org> wrote:
> Thank you for the valuable information.
>
> I try to summarize the possibilities to issue PSD2 QWAC certificates.
>
> - If a CA issues PSD2 QWAC certificate now, it SHALL

RE: Organization Identifier field in the Extended Validation certificates according to the EVG ver. 1.6.9

2019-04-18 Thread Doug Beattie via dev-security-policy
Hi Sandor,

You can follow the ballot status in the Server Certificate Working Group mail archives here: https://cabforum.org/pipermail/servercert-wg/ and specifically in this thread: https://cabforum.org/pipermail/servercert-wg/2019-April/000723.html

Voting will start at least a week after the

Re: Organization Identifier field in the Extended Validation certificates according to the EVG ver. 1.6.9

2019-04-18 Thread Sándor dr . Szőke via dev-security-policy
Thank you for the valuable information.

I try to summarize the possibilities to issue PSD2 QWAC certificates.

- If a CA issues PSD2 QWAC certificate now, it SHALL NOT include the CABF EV CPOID in it, but instead of that the certificate should contain the CABF OV CPOID value.
- If the CA

Re: Organization Identifier field in the Extended Validation certificates according to the EVG ver. 1.6.9

2019-04-17 Thread Ryan Sleevi via dev-security-policy
On Wed, Apr 17, 2019 at 2:23 PM Doug Beattie wrote:
> The ETSI requirements for QWAC are complicated and not all that clear to me, but is it possible to use OV certificate and Policy OIDs as the base instead of EV? Since OV permits additional Subject Attributes, then that approach would

Re: Organization Identifier field in the Extended Validation certificates according to the EVG ver. 1.6.9

2019-04-17 Thread Dimitris Zacharopoulos via dev-security-policy
I agree with Doug's interpretation.

Dimitris.

On 17/4/2019 9:23 μ.μ., Doug Beattie via dev-security-policy wrote:
The ETSI requirements for QWAC are complicated and not all that clear to me, but is it possible to use OV certificate and Policy OIDs as the base instead of EV? Since OV

RE: Organization Identifier field in the Extended Validation certificates according to the EVG ver. 1.6.9

2019-04-17 Thread Doug Beattie via dev-security-policy
The ETSI requirements for QWAC are complicated and not all that clear to me, but is it possible to use OV certificate and Policy OIDs as the base instead of EV? Since OV permits additional Subject Attributes, then that approach would not be noncompliant. Certainly issuing a QWAC needs to

Re: Organization Identifier field in the Extended Validation certificates according to the EVG ver. 1.6.9

2019-04-17 Thread Ryan Sleevi via dev-security-policy
On Wed, Apr 17, 2019 at 11:20 AM Sándor dr. Szőke via dev-security-policy <dev-security-policy@lists.mozilla.org> wrote:
> Extended Validation (EV) certificates and EU Qualified certificates for website authentication (QWAC).
>
> European Union introduced the QWAC certificates in the eIDAS