[Servercert-wg] Section 7.1.5 as required by RFC 3647 is no longer in the TLS BRs
Dimitris Zacharopoulos (HARICA)
dzacharo at harica.gr
Thu Jan 4 11:53:55 UTC 2024
Dear Members,
While taking another pass at reviewing the new certificate profiles
introduced in ballot SC62, I realized that there is some deviation from
the RFC 3647 structure that the BRs should maintain to help alignment of
CA CP/CPS documents.
This is the structure defined by RFC 3647 for section 7:
7. CERTIFICATE, CRL, AND OCSP PROFILES
7.1 Certificate profile
7.1.1 Version number(s)
7.1.2 Certificate extensions
7.1.3 Algorithm object identifiers
7.1.4 Name forms
7.1.5 Name constraints
7.1.6 Certificate policy object identifier
7.1.7 Usage of Policy Constraints extension
7.1.8 Policy qualifiers syntax and semantics
7.1.9 Processing semantics for the critical Certificate Policies
Section 7.1.5 does not exist anymore. The BRs have the name constraints
information in 7.1.2.5.2, 7.1.2.10.8. I believe that, at a minimum, we
should re-introduce 7.1.5 and point to other subsections of 7.1.2 for
consistency with RFC 3647.
Thoughts?
Dimitris.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/servercert-wg/attachments/20240104/fc40e9aa/attachment.html>
More information about the Servercert-wg
mailing list