Re: Intermediate common name ambiguous naming

2020-12-11 Thread Ryan Sleevi via dev-security-policy
Sure, is there a more specific question I could answer? I'm not really sure how to rephrase that, and CAs seem to understand it. [1] [1] https://www.abetterinternet.org/documents/2020-ISRG-Annual-Report.pdf On Fri, Dec 11, 2020 at 1:43 PM Burton wrote: > Ryan, > > Please could you expand a

Intermediate common name ambiguous naming

2020-12-11 Thread Burton via dev-security-policy
The common name of the Let's Encrypt R3 intermediate certificate (https://crt.sh/?id=3479778542) is in my opinion short and ambiguous. It doesn't have any information in the common name that can identify the operator of the CA "Let's Encrypt" which can cause confusion about who is running the CA. The

Re: Intermediate common name ambiguous naming

2020-12-11 Thread Hanno Böck via dev-security-policy
Hi, On Fri, 11 Dec 2020 10:51:44 + Burton via dev-security-policy wrote: > The common name of the Let's Encrypt R3 intermediate certificate ( > https://crt.sh/?id=3479778542) is in my opinion short and ambiguous. > It doesn't have any information in common name that can identify the >

Re: Intermediate common name ambiguous naming

2020-12-11 Thread Ryan Sleevi via dev-security-policy
On Fri, Dec 11, 2020 at 11:34 AM Burton wrote: > The bits of information included in the CN field (company name, version, > etc) created intermediate separation from the rest and the additional > benefit of these bits of information included in the CN field in an > intermediate was a person

Re: Intermediate common name ambiguous naming

2020-12-11 Thread Burton via dev-security-policy
The bits of information included in the CN field (company name, version, etc) created intermediate separation from the rest and the additional benefit of these bits of information included in the CN field in an intermediate was a person could locate with some accuracy at first glance the CA the

Re: Intermediate common name ambiguous naming

2020-12-11 Thread Ryan Sleevi via dev-security-policy
On Fri, Dec 11, 2020 at 5:51 AM Burton via dev-security-policy < dev-security-policy@lists.mozilla.org> wrote: > The common name of the Let's Encrypt R3 intermediate certificate ( > https://crt.sh/?id=3479778542) is in my opinion short and ambiguous. It > doesn't have any information in common

Re: Intermediate common name ambiguous naming

2020-12-11 Thread Burton via dev-security-policy
Ryan, Please could you expand a little more on this? "*Ideally, users would most benefit from simply having a random value in the DN (no details, period) for both roots *and* intermediates, as this metadata both can and should be addressed by CCADB"* Burton On Fri, 11 Dec 2020, 16:49 Ryan