[cabfpub] (Eventually) requiring id-kpServerAuth for all certs in the chain?

Kelvin Yiu kelviny at exchange.microsoft.com
Fri Nov 21 10:15:59 MST 2014


Of course each browser will reserve their right to accept alternative criteria. Microsoft would also assert its right to allow audit government equivalency until the phase out date.

My point is to make the common audit criteria that all browsers say they accept clearer. In theory, allowing the CABF to maintain a list of suitable audit criteria could also create a more open process to review new audit criteria and possibly to phase out audit criteria that has not been keeping up with the latest BR. It will also make it easier for CAs to deal with multiple browser requirements. 

Kelvin

-----Original Message-----
From: Gervase Markham [mailto:gerv at mozilla.org] 
Sent: Friday, November 21, 2014 3:49 AM
To: Kelvin Yiu; Ryan Sleevi; CABFPub
Subject: Re: [cabfpub] (Eventually) requiring id-kpServerAuth for all certs in the chain?

On 21/11/14 03:06, Kelvin Yiu wrote:
> Instead of each browser root program maintaining their own separate 
> audit requirements, would it be better for the CABF as a body to 
> maintain a list of suitable audit criteria (along with the version of 
> the audit criteria and possibly auditor qualification information) in 
> a separate guidelines document that browsers can reference?

Mozilla reserves the right to accept audit criteria that we define. So an advisory document which kept up with the latest in what WebTrust and ETSI are doing would be great and welcome. (Something more mandatory would not.)

Gerv


More information about the Public mailing list