[cabfpub] RFC5280

Ryan Sleevi sleevi at google.com
Wed Feb 24 20:01:59 UTC 2016


On Wed, Feb 24, 2016 at 11:30 AM, Jeremy Rowley <jeremy.rowley at digicert.com>
wrote:

> “I used RFCs 5280, 6818, 3279, 5480, and 5758.  Several of these specify
> what key usages are acceptable with which public key types.  Are you
> suggesting that the other PKIX RFCs are not what CAs should be following?”
>
>
>
> No – I’m saying 5280 is the only one included in the BRs specifically. The
> auditors are working on audit criteria for 5280 compliance.
>

Are you suggesting that WebTrust / ETSI are now developing tools and
criteria to evaluate this compliance?


> There won’t be the same audit criteria for 6818, 3279, 5480, and 5758. The
> question is whether we codify certain policies from these RFCs, although
> adoption of the RFC as a BR requirement could work as well (as it will then
> add the RFC to the audit framework).
>
>
>
6818 - Updates 5280, thus is part of the series
3279 - A normative reference from 5280
5480 - Updates 3279
5758 - Updates 3279

So if you take compliance to 5280, then you've incorporated normative
dependencies on all the other specs Peter mentioned.

If it helps frame it at all, think of 6818 as version 1.1 of 5280, and 3279
as Appendix X (in BR / CA/B Forum Bylaw terms).