[cabfpub] Ballot 184: rfc822Names and otherNames

Rob Stradling rob.stradling at comodo.com
Fri Jan 6 17:08:13 UTC 2017


On 05/01/17 01:03, Jeremy Rowley via Public wrote:
> Thank you everyone for the feedback so far. Attached is an updated draft
> based on the comments provided. Apologies for the lack of redlining, but
> I reformatted the entire section into various permitted entries (thanks
> Gerv) which made the entire thing more readable. Let me know what you think.
<snip>
> *7.1.4.2.1.4. otherName with SRVName { 1.3.6.1.5.5.7.0.18.8.7 } type-id*
> ...
> A Technically Constrained Subordinate CA
> Certificate that includes a technical constraint for SRVNames MUST
> include permitted name subtrees and MAY include excluded name subtrees.

Hi Jeremy.

I expect your intent is for the "MUST include permitted...and MAY 
include excluded" clause to apply specifically to SRVNames.

However, as written, this sentence could be complied with by including a 
permitted name subtree for (for example) rfc822Name, because the "MUST 
include permitted...and MAY include excluded" clause applies to the TCSCC.

Also, I think it's confusing to refer to multiple subtrees in the 
singular - "a technical constraint".

-- 
Rob Stradling
Senior Research & Development Scientist
COMODO - Creating Trust Online




More information about the Public mailing list