CABForum Minimum Requirements - discussion


Gervase Markham

Sep 23, 2010, 12:57:35 PM
to mozilla-dev-s...@lists.mozilla.org, Kathleen Wilson, Sid Stamm
At the same time that Mozilla is updating our CA Certificate Policy,
including the baseline things we require from CAs, the CABForum is also
interested in creating a set of Minimum Requirements for CAs. (This is a
discussion which started some time ago, but has recently been revived.)
There is obviously a great deal of potential overlap between these two
documents, and we are interested in having the two discussions inform
each other.

Therefore, Mozilla would like to make the CABForum draft available to
this group for comment. However, the CABForum contains a number of
companies who are not used to working in the open, and are concerned
about negative effects and news stories based on incomplete and
in-progress thinking. So we have negotiated a compromise. If you are
interested in seeing the draft document, send me an email and I will
send you a copy. You can then quote relevant bits of it here, in this
newsgroup, for discussion.

Please do not abuse this "quoting" policy by quoting vast reams of it,
followed by "seems good to me", or any funny business of that nature.
And please do not further distribute the document; refer other people
interested in it to me. Success with this method of working may lead to
more openness in the future; abuse is likely to lead to a hardening of
attitudes.

Note that the draft document should _not_ be interpreted as representing
the position of the CABForum, or any member company, on any issue, or
even of defining a direction in which the CABForum is minded to go.
These minimum requirements may or may not even ever be issued.

To give you some idea of what is in the draft, I quote the contents page
below.

Gerv

Baseline Requirements for the Issuance and Management of
Publicly-Trusted Certificates - Draft 16

1. Scope
2. References
3. Definitions
4. Abbreviations and Acronyms
5. Conventions
6. Certificate Warranties and Representations
7. Community and Applicability
8. Certificate Content and Profile
9. Certificate Request
10. Validation Practices
11. Certificate Status Checking and Revocation
12. Employees and Third Parties
13. Data Records
14. Audit Requirements
15. Other Contractual Compliance
Appendix A - Minimum Cryptographic Algorithm and Key Size Requirements
Appendix B – Certificate Extensions
1 Root CA Certificate
2 Subordinate CA Certificate
3 Subscriber Certificate
Appendix C - User Agent Verification
