<div dir="ltr">(Ugh, apologies for the double message; threading was broken between the original message and Ryan's reply and I did not see his reply before sending my own.)</div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Mon, Aug 2, 2021 at 9:33 AM Aaron Gable via Validation <<a href="mailto:validation@cabforum.org">validation@cabforum.org</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr">Unfortunately, <a href="https://datatracker.ietf.org/doc/html/rfc3647#section-4.7" target="_blank">RFC 3647 Section 4.7</a> suggests that Section 7.1 be the Certificate Profile, 7.2 be the CRL Profile, and 7.3 be the OCSP Profile. Of course, 3647 is informational, not normative, and so the BRs are free to depart from it as appropriate, but this change would be the first such departure.<div><br></div><div>Aaron</div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Mon, Aug 2, 2021 at 8:35 AM Doug Beattie via Validation <<a href="mailto:validation@cabforum.org" target="_blank">validation@cabforum.org</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div lang="EN-US"><div><p class="MsoNormal">Hi Ryan,<u></u><u></u></p><p class="MsoNormal"><u></u> <u></u></p><p class="MsoNormal">When I was reviewing the latest spec, <a href="https://github.com/sleevi/cabforum-docs/pull/36/files" target="_blank">https://github.com/sleevi/cabforum-docs/pull/36/files</a>, I was struck by the Table of Contents that I built in Word having 40 pages in section 7.1.2. 
There is no heading for the various types of cert profiles because it’s all buried in “7.1.2 Certificate Content and Extensions” <u></u><u></u></p><p class="MsoNormal"><u></u> <u></u></p><p class="MsoNormal">Would it be possible/logical to re-chunk that section to avoid such long numbered headers and to bring some of the important items into a higher level and into the ToC? It would be more obvious about where certain sections are located and provide a better grouping of data, imo<u></u><u></u></p><p class="MsoNormal"><u></u> <u></u></p><p class="MsoNormal">This is just a suggestion, but could we consider an organization similar to this? Apologies if this has been discussed and resolved previously.<u></u><u></u></p><p class="MsoNormal"><u></u> <u></u></p><h1><u></u><span>7<span style="font:7pt "Times New Roman""> </span></span><u></u>CERTIFICATE, CRL, AND OCSP PROFILES<u></u><u></u></h1><h2><u></u><span>7.1<span style="font:7pt "Times New Roman""> </span></span><u></u>CA Certificates<u></u><u></u></h2><h3><u></u><span>7.1.1<span style="font:7pt "Times New Roman""> </span></span><u></u>Root CA Certificate Profile (was 7.1.2.1)<u></u><u></u></h3><h3><u></u><span>7.1.2<span style="font:7pt "Times New Roman""> </span></span><u></u>Cross-Certified Subordinate CA Certificate Profile (was 7.1.2.2)<u></u><u></u></h3><h3><u></u><span>7.1.3<span style="font:7pt "Times New Roman""> </span></span><u></u>Technically Constrained Non-TLS Subordinate CA Certificate Profile (was 7.1.2.3)<u></u><u></u></h3><h3><u></u><span>7.1.4<span style="font:7pt "Times New Roman""> </span></span><u></u>Technically Constrained TLS Subordinate CA Certificate Profile (was 7.1.2.4)<u></u><u></u></h3><h3><u></u><span>7.1.5<span style="font:7pt "Times New Roman""> </span></span><u></u>TLS Subordinate CA Certificate Profile (was 7.1.2.5)<u></u><u></u></h3><h3><u></u><span>7.1.6<span style="font:7pt "Times New Roman""> </span></span><u></u>Common CA Fields (was 
7.1.2.8)<u></u><u></u></h3><h2><u></u><span>7.2<span style="font:7pt "Times New Roman""> </span></span><u></u>Leaf Certificates<u></u><u></u></h2><h3><u></u><span>7.2.1<span style="font:7pt "Times New Roman""> </span></span><u></u>Subscriber (Server) Certificate Profile (was 7.1.2.6)<u></u><u></u></h3><h3><u></u><span>7.2.2<span style="font:7pt "Times New Roman""> </span></span><u></u>OCSP Responder Certificate Profile (was 7.1.2.7)<u></u><u></u></h3><h3><u></u><span>7.2.3<span style="font:7pt "Times New Roman""> </span></span><u></u>Infra Certificate Profile?<u></u><u></u></h3><h3><u></u><span>7.2.4<span style="font:7pt "Times New Roman""> </span></span><u></u>Common &lt;leaf&gt; Certificate Fields (was 7.1.2.9)<u></u><u></u></h3><h2><u></u><span>7.3<span style="font:7pt "Times New Roman""> </span></span><u></u>All Certificates (was 7.1.2.4, but this is probably a typo and should be 7.1.2.10 according to the current spec).<u></u><u></u></h2><h3><u></u><span>7.3.1<span style="font:7pt "Times New Roman""> </span></span><u></u>Application of RFC 5280 (was 7.1.2.5 – probably should have been 7.1.2.11)<u></u><u></u></h3><h3><u></u><span>7.3.2<span style="font:7pt "Times New Roman""> </span></span><u></u>Algorithm object identifiers (was 7.1.3)<u></u><u></u></h3><h3><u></u><span>7.3.3<span style="font:7pt "Times New Roman""> </span></span><u></u>Name Forms (was 7.1.4)<u></u><u></u></h3><h3><u></u><span>7.3.4<span style="font:7pt "Times New Roman""> </span></span><u></u>Certificate policy object identifier (was 7.1.6)<u></u><u></u></h3><h3><u></u><span>7.3.5<span style="font:7pt "Times New Roman""> </span></span><u></u>Usage of Policy Constraints extension (was 7.1.7)<u></u><u></u></h3><h3><u></u><span>7.3.6<span style="font:7pt "Times New Roman""> </span></span><u></u>Policy qualifiers syntax and semantics (was 7.1.8)<u></u><u></u></h3><h3><u></u><span>7.3.7<span style="font:7pt "Times New Roman""> </span></span><u></u>Processing semantics for the critical Certificate 
Policies extension (was 7.1.9) – maybe this should be 7.4 and not under “all Certificates”<u></u><u></u></h3><h2><u></u><span>7.4<span style="font:7pt "Times New Roman""> </span></span><u></u>CRL Profile (was 7.2)<u></u><u></u></h2><h2><u></u><span>7.5<span style="font:7pt "Times New Roman""> </span></span><u></u>OCSP Profile (was 7.3)<u></u><u></u></h2><p class="MsoNormal"><u></u> <u></u></p><p class="MsoNormal"><u></u> <u></u></p></div></div>_______________________________________________<br>
Validation mailing list<br>
<a href="mailto:Validation@cabforum.org" target="_blank">Validation@cabforum.org</a><br>
<a href="https://lists.cabforum.org/mailman/listinfo/validation" rel="noreferrer" target="_blank">https://lists.cabforum.org/mailman/listinfo/validation</a><br>
</blockquote></div>
</blockquote></div>