[cabfpub] EV CS requirements are contradictory
Jeremy Rowley
jeremy.rowley at digicert.com
Tue Mar 24 01:18:06 UTC 2015
Thanks Ryan and Peter – Rob Stradling pointed this out a bit ago, and fixing it is on my list of updates. I circulated a proposal to fix this a bit ago. I’ll revive and recirculate.
From: public-bounces at cabforum.org [mailto:public-bounces at cabforum.org] On Behalf Of Ryan Sleevi
Sent: Monday, March 23, 2015 6:51 PM
To: CABFPub
Subject: [cabfpub] EV CS requirements are contradictory
From Peter
---------- Forwarded message ----------
From: Peter Bowen <pzbowen at gmail.com<mailto:pzbowen at gmail.com>>
Date: Mon, Mar 23, 2015 at 5:49 PM
In the EV CS spec, section 9.2.2 says "Subject Alternative Name Extension:
This field should not be included in the EV Code Signing Objects."
However 9.7 says "the Certificate MUST include a
SubjectAltName:permanentIdentifier"
The definitions says "EV Code Signing Object: An EV Code Signing
Certificate issued by a CA or an EV Signature provided by a Signing
Authority."
So clearly an object is a certificate and it should not but also MUST
include a SAN. I'm confused. Is 9.2.2 just wrong?
Thanks,
Peter
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/public/attachments/20150324/39e96c5c/attachment-0003.html>
More information about the Public
mailing list