<!DOCTYPE html>
<html>
  <head>
    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
  </head>
  <body>
    <br>
    <br>
    <div class="moz-cite-prefix">On 4/1/2024 5:50 μ.μ., Ben Wilson
      wrote:<br>
    </div>
    <blockquote type="cite"
cite="mid:CA+1gtaar2Eva+UkEof_0eE0jXhoyZBXfb=AzZYoRS38TSV8XjQ@mail.gmail.com">
      <meta http-equiv="content-type" content="text/html; charset=UTF-8">
      <div dir="ltr">I think this is listed as an issue in GitHub - <a
          href="https://github.com/cabforum/servercert/issues/444"
          moz-do-not-send="true" class="moz-txt-link-freetext">https://github.com/cabforum/servercert/issues/444</a>.</div>
    </blockquote>
    <br>
    Indeed, the cleanup ballot brings back the number 7.1.5 but the
    section is empty, despite the real information being already
    included in other sections of the BRs.<br>
    <br>
    Hopefully we can add pointers to the right name constraints
    language. Does that make sense?<br>
    <br>
    <br>
    Dimitris.<br>
    <br>
    <br>
    <blockquote type="cite"
cite="mid:CA+1gtaar2Eva+UkEof_0eE0jXhoyZBXfb=AzZYoRS38TSV8XjQ@mail.gmail.com"><br>
      <div class="gmail_quote">
        <div dir="ltr" class="gmail_attr">On Thu, Jan 4, 2024 at 4:54 AM
          Dimitris Zacharopoulos (HARICA) via Servercert-wg <<a
            href="mailto:servercert-wg@cabforum.org"
            moz-do-not-send="true" class="moz-txt-link-freetext">servercert-wg@cabforum.org</a>>
          wrote:<br>
        </div>
        <blockquote class="gmail_quote"
style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
          <div> Dear Members,<br>
            <br>
            While taking another pass at reviewing the new certificate
            profiles introduced in ballot SC62, I realized that there is
            some deviation from the RFC 3647 structure that the BRs
            should maintain to help alignment of CA CP/CPS documents.<br>
            <br>
            This is the structure defined by RFC 3647 for section 7:<br>
            <pre>   7.  CERTIFICATE, CRL, AND OCSP PROFILES
   7.1  Certificate profile
   7.1.1  Version number(s)
   7.1.2  Certificate extensions
   7.1.3  Algorithm object identifiers
   7.1.4  Name forms
   7.1.5  Name constraints
   7.1.6  Certificate policy object identifier
   7.1.7  Usage of Policy Constraints extension
   7.1.8  Policy qualifiers syntax and semantics
   7.1.9  Processing semantics for the critical Certificate Policies</pre>
            <br>
            Section 7.1.5 does not exist anymore. The BRs have the name
            constraints information in 7.1.2.5.2, 7.1.2.10.8. I believe
            that, at a minimum, we should re-introduce 7.1.5 and point
            to other subsections of 7.1.2 for consistency with RFC 3647.<br>
            <br>
            Thoughts?<br>
            Dimitris.<br>
            <br>
          </div>
          _______________________________________________<br>
          Servercert-wg mailing list<br>
          <a href="mailto:Servercert-wg@cabforum.org"
            moz-do-not-send="true" class="moz-txt-link-freetext">Servercert-wg@cabforum.org</a><br>
          <a
href="https://lists.cabforum.org/mailman/listinfo/servercert-wg"
            rel="noreferrer" moz-do-not-send="true"
            class="moz-txt-link-freetext">https://lists.cabforum.org/mailman/listinfo/servercert-wg</a><br>
        </blockquote>
      </div>
    </blockquote>
    <br>
  </body>
</html>