CA/BR Audit Guidance: Difference between revisions

m
Line 159: Line 159:
BR section 8.2.1 says: "The CA SHALL develop, implement, enforce, and annually update a Certificate Policy and/or Certification Practice Statement that describes in detail how the CA implements the latest version of these Requirements."  
BR section 8.2.1 says: "The CA SHALL develop, implement, enforce, and annually update a Certificate Policy and/or Certification Practice Statement that describes in detail how the CA implements the latest version of these Requirements."  


It is '''not''' sufficient to simply reference section 11 of the CA/Browser Forum's Baseline Requirements (BR). BR #11.1.1 lists several ways in which the CA may confirm that the certificate subscriber owns/controls the domain name to be included in the certificate. Simply referencing section 11 of the BRs does not specify which of those options the CA uses, and is insufficient for describing how the CA conforms to the BRs. The CA's CP/CPS must include a reasonable description of the ways the CA can verify that the certificate subscriber owns/controls the domain name(s) to be included in the certificate.
It is '''not''' sufficient to simply reference section 3.2.2.4 of version 1.3 of the CA/Browser Forum's Baseline Requirements (BR). Section 3.2.2.4 lists several ways in which the CA may confirm that the certificate subscriber owns/controls the domain name to be included in the certificate. Simply referencing section 11 of the BRs does not specify which of those options the CA uses, and is insufficient for describing how the CA conforms to the BRs. The CA's CP/CPS must include a reasonable description of the ways the CA can verify that the certificate subscriber owns/controls the domain name(s) to be included in the certificate.


== Checking BR Compliance ==
== Checking BR Compliance ==
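
Review bot: The third sentence of the revised paragraph still reads "Simply referencing section 11 of the BRs", although the first two sentences now cite section 3.2.2.4 of version 1.3, so the paragraph refers to the same requirement under two numbering schemes. Change that remaining reference to section 3.2.2.4 to match. The unchanged line above still cites "BR section 8.2.1"; it is worth confirming that this number is also correct under the version 1.3 numbering.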