CA/Subordinate CA Checklist: Difference between revisions

m
Line 30: Line 30:
#* Please see the [[CA:SubordinateCA_checklist#Third-Party_Private_(or_Enterprise)_Subordinate_CAs|section below]] which outlines the additional information that must be provided for third-party private (or enterprise) subordinate CAs.
#* Please see the [[CA:SubordinateCA_checklist#Third-Party_Private_(or_Enterprise)_Subordinate_CAs|section below]] which outlines the additional information that must be provided for third-party private (or enterprise) subordinate CAs.


'''Recommendation:''' Root certificate authorities should use a separate and distinct root to sign third-party private subordinate CAs, and such roots should not be submitted for inclusion in the NSS database. Then if the owner of the subordinate CA later decides to create a profit center and start signing site certificates of unaffiliated entities, those site certificates will not chain back up to a root in the NSS database.  With a separate and distinct root not submitted for inclusion in the NSS database, there would be no need to disclose any information about those third-party private subordinate CAs.
'''Recommendation:''' Root certificate authorities should use a separate and distinct root to sign third-party private subordinate CAs, and such roots should not be submitted for inclusion in NSS. Then if the owner of the subordinate CA later decides to create a profit center and start signing site certificates of unaffiliated entities, those site certificates will not chain back up to a root in NSS.  With a separate and distinct root not submitted for inclusion in the NSS database, there would be no need to disclose any information about those third-party private subordinate CAs.


== Third-Party Private (or Enterprise) Subordinate CAs ==
== Third-Party Private (or Enterprise) Subordinate CAs ==
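
Review bot: The terminology change is incomplete in the last sentence of the revised Recommendation paragraph, which still reads "not submitted for inclusion in the NSS database" while the first two sentences were changed to say "NSS". Change that remaining instance to "not submitted for inclusion in NSS" so the paragraph uses one term throughout, since a reader could otherwise take "NSS" and "the NSS database" to mean different things.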