| Line 100: | Line 100: | ||
Our recommendation is that all CA names incorporate an organizational name or product brand name sufficiently unique to allow relatively straightforward identification of the CA. | Our recommendation is that all CA names incorporate an organizational name or product brand name sufficiently unique to allow relatively straightforward identification of the CA. | ||
Additionally, the issuer and subject information in the root certificate | Additionally, the issuer and subject information in the root certificate should provide clear indication about who owns or operates the certificate. Generic issuer and subject information inhibits the users' ability to establish a chain of trust, and to pursue complaints when appropriate. For instance, the following issuer information would not be acceptable in a root certificate to be included in NSS. | ||
* CN = Root CA | * CN = Root CA | ||
* OU = Certification Authorities | * OU = Certification Authorities | ||
* OU = Services | * OU = Services | ||
* O = admin | * O = admin | ||
There is no information in this issuer that can be linked back to any particular CA. There is no distinguishable company name or brand name. All of the information in this issuer is too generic to do a search on and hope to find the CA. | |||
=== Lack of Communication With End Users === | === Lack of Communication With End Users === | ||
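Review bot: In the expanded sentence in the right-hand column, "establish a chain of trust" reads as certificate path building, which generic naming does not prevent; what generic fields actually block is identifying who operates the root. Suggest wording such as "inhibits users' ability to identify who operates the CA, and to pursue complaints when appropriate". The sentence introducing the CN/OU/O list should end with a colon rather than a period, and because a self-signed root carries the same issuer and subject, "issuer and subject information" would match the preceding sentence better than "issuer information" alone.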