[cabfpub] Must Staple and BR Issue 7

Rob Stradling rob.stradling at comodo.com
Mon Nov 5 13:03:02 UTC 2012

On 05/11/12 12:46, Adam Langley wrote:
> On Sun, Nov 4, 2012 at 5:32 PM, Ben Wilson <ben at digicert.com> wrote:
>> If we were to revise Appendix B of the Baseline Requirements, as outlined in
>> the proposed ballot to address BR Issue #7 (relined version attached, but
>> not fully endorsed yet for vote), would it make sense to amend section F of
>> Subscriber Certificates (extKeyUsage) (which currently says, "Either the
>> value id-kp-serverAuth [RFC5280] or id-kp-clientAuth [RFC5280] or both
>> values MUST be present.  id-kp-emailProtection [RFC5280] MAY be present") to
>> also say that, in addition emailProtection, the CABF extKeyUsage OID for
>> must-staple ( MAY be present?  (Even if it had to be proposed
>> as its own separate ballot because it is not in direct response to the BR
>> Issue#7? Or is it substantially related enough?)  After reviewing this
>> attachment, are there any endorsers, or persons who would endorse if
>> modifications were made?
> I thought we figured that it was going to be an extension, not a
> keyUsage?


Rob Stradling
Senior Research & Development Scientist
COMODO - Creating Trust Online

More information about the Public mailing list