CSCA requirements - Githubissues

eu-digital-green-certificates / dgc-participating-countries

All contents and information for onboarding representatives of participating countries.

Apache License 2.0

25 stars 16 forks source link

CSCA requirements #2

Closed SZoerner closed 3 years ago

SZoerner commented 3 years ago

I have a clarification question regarding the Certificate Signing Certificate Authority (CSCA): Could we use a public commercial CA root as CSCA -> a country-specific one (D-Trust for Germany), but one not exclusively used for the EU Gateway?

dirkx commented 3 years ago

The specification currently allows for any certificate (that is able to sign another certificate; so the (sub/chain)CA flag needs to be set to TRUE) to be permitted as a CSCA. A document detailing this was in the works - see the minutes from the last meeting.

oliver-steinbrecher commented 3 years ago

Thanks for your answer. Can this be considered as stable?

dirkx commented 3 years ago

Best we have now - but I would wait for the documented to be formally adopted - hopefully with the onboarding spec.

psavva commented 3 years ago

Following

SZoerner commented 3 years ago

@dirkx Are talking about this document?

SchulzeStTSI commented 3 years ago

@SZoerner Yes this is the document. It's open for review to 4.5.