[cabfpub] RFC5280
Ryan Sleevi
sleevi at google.com
Thu Feb 25 20:34:07 UTC 2016
On Thu, Feb 25, 2016 at 12:30 PM, Doug Beattie <doug.beattie at globalsign.com>
wrote:
> Good questions Jeremy.
>
> I hate to ask, but is RFC 5019 another RFC that must be met in order to be
> BR compliant, and will any errors there be warnings or full audit
> findings? There are a lot of rules about cache values which we might not
> be all compliant with.
>
5019 is a fully independent spec; that is, it does not Update or Obsolete
RFC 2560 (OCSP).
5019 is incorporated by reference in the BRs (Section 1.6.3), *but* it is
listed as an AND/OR in 4.9.9.
So if you (properly) implement 2560, you should be able to pass an audit
even if you improperly implement 5019.
Unless you claim you implement 5019 in your CP/CPS, at which point I
would argue you should have qualifications, because that is auditable and
is in scope of the BRs.