[cabfpub] Ballot 108: Clarifying the scope of the baseline requirements

Gervase Markham gerv at mozilla.org
Thu Aug 15 19:13:56 UTC 2013


On 15/08/13 19:52, Gervase Markham wrote:
> So the logic of that code block as I read it (and my interpretation was
> looked over by Bob Relyea, although he probably didn't check it
> exhaustively), is:
<snip>

So to address the question: it seems that if we want all SSL CA and EE
certificates to be in scope, then (at least for NSS) the document has to
cover certs which meet any of the conditions here.

> SSL_Server   == !(NS_Type_Extension || EKU_Extension)        // 608-621
>                 || NS_Type_SSL_Server                        // 516
>                 || !BC_isCA && (
>                   EKU_Server_Auth                            // 553-562
>                   || NS_Govt_Approved                        // 563-576
>                 )
> 
> 
> SSL_CA       == NS_SSL_CA                                    // 516
>                 || BC_isCA && (
>                   !(NS_Type_Extension || EKU_Extension)      // 608-621
>                   || NS_Type_Email_CA                        // 531-537
>                   || EKU_SSL_Server_Auth                     // 553-562
>                   || NS_Govt_Approved                        // 563-576
>                   || EKU_SSL_Client_Auth                     // 577-586
>                 )

Gerv
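
The two quoted conditions as runnable predicates, an added example that is not part of the original message and is not NSS code. It assumes `&&` binds tighter than `||`, models NS_Govt_Approved as an EKU entry, treats EKU_Server_Auth and EKU_SSL_Server_Auth as the same purpose, and uses constructed field names and certificate profiles.

```python
from dataclasses import dataclass
from typing import FrozenSet, Optional

@dataclass(frozen=True)
class CertProfile:
    """Only the fields the quoted conditions inspect; None = extension absent."""
    is_ca: bool                                 # BC_isCA
    ns_type: Optional[FrozenSet[str]] = None    # Netscape cert type bits
    eku: Optional[FrozenSet[str]] = None        # EKU purposes

def _has(ext, name):
    return ext is not None and name in ext

def _untyped(c):
    # !(NS_Type_Extension || EKU_Extension)
    return c.ns_type is None and c.eku is None

def ssl_server(c):
    ee_eku = _has(c.eku, "server_auth") or _has(c.eku, "govt_approved")
    return _untyped(c) or _has(c.ns_type, "ssl_server") or (not c.is_ca and ee_eku)

def ssl_ca(c):
    ca_usage = (_untyped(c)
                or _has(c.ns_type, "email_ca")
                or _has(c.eku, "server_auth")
                or _has(c.eku, "govt_approved")
                or _has(c.eku, "client_auth"))
    return _has(c.ns_type, "ssl_ca") or (c.is_ca and ca_usage)

def in_scope(c):
    # "certs which meet any of the conditions"
    return ssl_server(c) or ssl_ca(c)

fs = frozenset
# Constructed profiles, not real certificates.
SAMPLES = {
    "ee_no_extensions":    CertProfile(is_ca=False),
    "ca_no_extensions":    CertProfile(is_ca=True),
    "ca_client_auth_only": CertProfile(is_ca=True, eku=fs({"client_auth"})),
    "ca_ns_email_ca_only": CertProfile(is_ca=True, ns_type=fs({"email_ca"})),
    "ca_email_eku_only":   CertProfile(is_ca=True, eku=fs({"email_protection"})),
    "ee_email_eku_only":   CertProfile(is_ca=False, eku=fs({"email_protection"})),
}

def classify_all():
    return {n: (ssl_server(c), ssl_ca(c)) for n, c in SAMPLES.items()}

if __name__ == "__main__":
    for name, (srv, ca) in classify_all().items():
        print(f"{name:22} SSL_Server={srv!s:5} SSL_CA={ca!s:5} in_scope={srv or ca}")
```

Under these conditions a CA typed only with EKU client auth or only with the Netscape e-mail CA bit still satisfies SSL_CA, while a CA carrying only an e-mail EKU does not.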


