[cabfpub] EV CS requirements are contradictory

Jeremy Rowley jeremy.rowley at digicert.com
Tue Mar 24 01:18:06 UTC 2015

Thanks Ryan and Peter – Rob Stradling pointed this out a bit ago, and fixing it is on my list of updates. I circulated a proposal to fix this a bit ago.  I’ll revive and recirculate.

From: public-bounces at cabforum.org [mailto:public-bounces at cabforum.org] On Behalf Of Ryan Sleevi
Sent: Monday, March 23, 2015 6:51 PM
Subject: [cabfpub] EV CS requirements are contradictory

From Peter

---------- Forwarded message ----------
From: Peter Bowen <pzbowen at gmail.com<mailto:pzbowen at gmail.com>>
Date: Mon, Mar 23, 2015 at 5:49 PM

In the EV CS spec, section 9.2.2 says "Subject Alternative Name Extension:
This field should not be included in the EV Code Signing Objects."

However 9.7 says "the Certificate MUST include a

The definitions says "EV Code Signing Object: An EV Code Signing
Certificate issued by a CA or an EV Signature provided by a Signing

So clearly an object is a certificate and it should not but also MUST
include a SAN.  I'm confused.  Is 9.2.2 just wrong?


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/public/attachments/20150324/39e96c5c/attachment-0003.html>

More information about the Public mailing list