[cabfpub] RFC5280

Jeremy Rowley jeremy.rowley at digicert.com
Wed Feb 24 13:12:29 MST 2016


 

 

From: Ryan Sleevi [mailto:sleevi at google.com] 
Sent: Wednesday, February 24, 2016 1:02 PM
To: Jeremy Rowley
Cc: Peter Bowen; public at cabforum.org
Subject: Re: [cabfpub] RFC5280

 

 

 

On Wed, Feb 24, 2016 at 11:30 AM, Jeremy Rowley <jeremy.rowley at digicert.com <mailto:jeremy.rowley at digicert.com> > wrote:

“I used RFCs 5280, 6818, 3279, 5480, and 5758.  Several of these specify what key usages are acceptable with which public key types.  Are you suggesting that the other PKIX RFCs are not what CAs should be following?”

 

No – I’m saying 5280 is the only one included in the BRs specifically. The auditors are working on audit criteria for 5280 compliance. 

 

 

Are you suggesting that WebTrust / ETSI are now developing tools and criteria to evaluate this compliance?

[JR] Isn’t that what Don said during the Webtrust update last week? That compliance with 5280 is going to be part of the actual Webtrust criteria?

 

There won’t be the same audit criteria for 6818, 3279, 5480, and 5758. The question is whether we codify certain policies from these RFCS, although adoption of the RFC as a BR requirement could work as well (as it will then add the RFC to the audit framework).

 

 

6818 - Updates 5280, thus is part of the series

3279 - A normative reference from 5280

5480 - Updates 3279

5758 - Updates 3279

 

So if you take compliance to 5280, then you've incorporated normative dependencies on all the other specs Peter mentioned.

 

If it helps frame it at all, think of 6818 as version 1.1 of 5280, and 3279 as Appendix X (in BR / CA/B Forum Bylaw terms)

-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://cabforum.org/pipermail/public/attachments/20160224/bb9a7e7c/attachment.html 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4964 bytes
Desc: not available
Url : https://cabforum.org/pipermail/public/attachments/20160224/bb9a7e7c/attachment.bin 


More information about the Public mailing list