[cabfpub] More BR Errata
Rick_Andrews at symantec.com
Fri Oct 24 10:09:42 MST 2014
Done. I also submitted the other errata on DSA, and assigned them all to you.
I think Bugzilla is a great way to track these.
From: Ben Wilson [mailto:ben.wilson at digicert.com]
Sent: Thursday, October 23, 2014 5:29 PM
To: Rick Andrews; public at cabforum.org
Subject: RE: [cabfpub] More BR Errata
If you want, put them in Bugzilla and assign them to me.
From: Rick Andrews<mailto:Rick_Andrews at symantec.com>
Sent: 10/23/2014 6:01 PM
To: public at cabforum.org<mailto:public at cabforum.org>
Subject: [cabfpub] More BR Errata
I think Section 9.2.5 Subject Country Name Field, 9.2.6 Subject Organizational Unit Field, and 9.2.8 Other Subject Attributes should be downgraded to sub-sections 9.2.4 f, g, and h because they’re all Subject Distinguished Name Fields.
Appendix B.2.G says “extkeyUsage (optional)
For Subordinate CA Certificates to be Technically constrained in line with section 9.8, then either the value
id-kp-serverAuth [RFC5280] or id-kp-clientAuth [RFC5280] or both values MUST be present**.”
But Section 9.8 is “Additional Technical Requirements” which contains very little text; I think this is supposed to refer to Section 9.7 “Technical Constraints in Subordinate CA Certificates via Name Constraints and EKU”. We should probably use the Microsoft Word tool to link to a Section number, so that if the Section number changes, the reference changes too.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Public