[cabfpub] Preballot - Revised Ballot 190

Ryan Sleevi sleevi at google.com
Wed May 17 16:36:28 UTC 2017


On Wed, May 17, 2017 at 12:28 PM, Gervase Markham <gerv at mozilla.org> wrote:

> On 17/05/17 17:24, Ryan Sleevi via Public wrote:
> > Would you (and Jeremy and Gerv) be receptive to including this in
> > 3.2.2.4?
>
> I have no objection; although would it have an effect on achievable
> implementation timelines?
>

Start with a SHOULD with a MUST timelines in the future :)


> > There did not appear to be any objections raised on the list - simply a
> > discussion related to policy OIDs versus an extension, but the the
> > extension provides a semantically valid approach that minimizes any
> > changes to CA infrastructure.
>
> People with more expertise than me can make the call as to which way to
> do it :-)
>

Yeah, policy OID would require reissuing intermediates to be
meaningful/effective/interoperable (e.g. Microsoft ADCS requires policy
OIDs in leaves are contained within their issuing intermediate), whereas
ADCS can be 'easily' extended (via ICertServerPolicy
<https://msdn.microsoft.com/en-us/library/windows/desktop/aa387348(v=vs.85).aspx>
 extensions
<https://msdn.microsoft.com/en-us/library/windows/desktop/aa388216(v=vs.85).aspx>
-
example code
<https://msdn.microsoft.com/en-us/library/windows/desktop/aa387704(v=vs.85).aspx>
)
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/public/attachments/20170517/0561bc43/attachment-0003.html>


More information about the Public mailing list