Confirmed users
610
edits
CA/Forbidden or Problematic Practices: Difference between revisions
CA/Forbidden or Problematic Practices (view source)
Revision as of 13:58, 14 March 2009
, 14 March 2009Added generic CA names as a problematic practice
(Clarify requirements for OCSP response signatures) |
(Added generic CA names as a problematic practice) |
||
| Line 56: | Line 56: | ||
Our recommendation is to not put critical CIDP extensions into full CRLs, and to make full CRLs available for download when practical. | Our recommendation is to not put critical CIDP extensions into full CRLs, and to make full CRLs available for download when practical. | ||
=== Generic names for CAs === | |||
In various contexts Firefox and other Mozilla-based products display to users the names of root CAs, issuing CAs, and intermediate CAs in general. In some cases CA names are very generic, e.g., "Secure Server CA"; this makes it difficult for users to ascertain who operates the CA without undertaking a detailed investigation. | |||
Our recommendation is that all CA names incorporate an organizational name or product brand name sufficiently unique to allow relatively straightforward identification of the CA. | |||