[cabfpub] More BR Errata
ben.wilson at digicert.com
Thu Oct 23 17:28:57 MST 2014
If you want, put them in Bugzilla and assign them to me.
From: Rick Andrews<mailto:Rick_Andrews at symantec.com>
Sent: 10/23/2014 6:01 PM
To: public at cabforum.org<mailto:public at cabforum.org>
Subject: [cabfpub] More BR Errata
I think Section 9.2.5 Subject Country Name Field, 9.2.6 Subject Organizational Unit Field, and 9.2.8 Other Subject Attributes should be downgraded to sub-sections 9.2.4 f, g, and h because they’re all Subject Distinguished Name Fields.
Appendix B.2.G says “extkeyUsage (optional)
For Subordinate CA Certificates to be Technically constrained in line with section 9.8, then either the value
id-kp-serverAuth [RFC5280] or id-kp-clientAuth [RFC5280] or both values MUST be present**.”
But Section 9.8 is “Additional Technical Requirements” which contains very little text; I think this is supposed to refer to Section 9.7 “Technical Constraints in Subordinate CA Certificates via Name Constraints and EKU”. We should probably use the Microsoft Word tool to link to a Section number, so that if the Section number changes, the reference changes too.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Public