[cabfpub] Ballot 68
jeremy.rowley at digicert.com
Wed Sep 26 19:20:12 UTC 2012
I think this is the latest proposal for Ballot 68:
Erratum begins ..
A. In Section 10.2.3, after the first paragraph, insert:
"The CA SHALL establish and follow a documented procedure for verifying all
data requested for inclusion in the Certificate by the Applicant."
B. In Appendix B, add paragraph numbers to the headings: "(1) Root CA
Certificate", "(2) Subordinate CA Certificate", and "(3) Subscriber
C. In three places in Appendix B, delete: "All other fields and extensions
MUST be set in accordance with RFC 5280."
D. In Appendix B, insert paragraph 4, as follows
(4) All Certificates
All other fields and extensions MUST be set in accordance with RFC 5280.
The CA SHALL NOT issue a Certificate that contains a keyUsage flag,
extendedKeyUsage value, Certificate extension, or other data not otherwise
specified in this Appendix B unless the CA is aware of a reason for
including the data in the Certificate.
Erratum ends .
More information about the Public