[cabfpub] RFC5280

Ryan Sleevi sleevi at google.com
Thu Feb 25 20:34:07 UTC 2016

On Thu, Feb 25, 2016 at 12:30 PM, Doug Beattie <doug.beattie at globalsign.com> wrote:

> Good questions Jeremy.
> I hate to ask, but is RFC 5019 another RFC that must be met in order to be
> BR compliant, and will any errors there be warnings or full audit
> findings?  There are a lot of rules about cache values which we might not
> be all compliant with.

5019 is a fully independent spec; that is, it does not Update or Obsolete
RFC 2560 (OCSP).

5019 is incorporated by reference in the BRs (Section 1.6.3), *but* it is
listed as an AND/OR in 4.9.9.

So if you (properly) implement 2560, you should be able to pass an audit
even if you improperly implement 5019.
Unless you claim you implement 5019 in your CP/CPS, at which point I
would argue you should have qualifications, because that is auditable and
is in scope of the BRs.