[cabfpub] Ballot 190

Ryan Sleevi sleevi at google.com
Tue May 2 18:43:28 UTC 2017


Just to be clear: My initial proposal was simply to indicate "All
information in this certificate has been validated in accordance with the
explicit methods in Version X"

That is, even if information is reused, that the information was compatible
with version X. If version X+1 or X+3 changes things substantially - but
still permits reuse of Version X data - then you'd continue to assert
Version X. If Version X+3's validation was still compatible with Version X
(perhaps it added a new method, or changed something unrelated), you could
assert either X, X+1, X+2, or X+3 and still be in full compliance.
Asserting X+3 is, of course, a stronger security assurance, but asserting X
is still compliant/compatible :)
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/public/attachments/20170502/f78377fc/attachment-0002.html>


More information about the Public mailing list