[cabfpub] Ballot 190
Rob Stradling
rob.stradling at comodo.com
Tue May 2 10:02:57 UTC 2017
On 02/05/17 10:23, Gervase Markham via Public wrote:
> On 02/05/17 10:18, Rob Stradling via Public wrote:
>> Or you could embed all of this into a single Certificate Policy OID.
>
> (off-list)
>
> Would that not be problematic if, as a previous message in the thread
> noted, there wasn't an anyPolicy OID in the intermediate? Or am I
> misunderstanding how this works?

Hi Gerv. I was about to reply "Oh yeah, you're right", but I thought
I'd first take another look at RFC5280 Section 6 (Certificate Path
Validation)...

I *think* each of the policy OIDs in a leaf cert is processed
independently. That is, as long as at least 1 of the OID(s) matches the
expected set, it's valid.

But please seek a second opinion on that. I'm far from confident that I
understand correctly. :-)

--
Rob Stradling
Senior Research & Development Scientist
COMODO - Creating Trust Online