[Servercert-wg] Section 7.1.5 as required by RFC 3647 is no longer in the TLS BRs
Ben Wilson
bwilson at mozilla.com
Thu Jan 4 15:50:56 UTC 2024
I think this is listed as an issue in GitHub -
https://github.com/cabforum/servercert/issues/444.
On Thu, Jan 4, 2024 at 4:54 AM Dimitris Zacharopoulos (HARICA) via
Servercert-wg <servercert-wg at cabforum.org> wrote:
> Dear Members,
>
> While taking another pass at reviewing the new certificate profiles
> introduced in ballot SC62, I realized that there is some deviation from the
> RFC 3647 structure that the BRs should maintain to help alignment of CA
> CP/CPS documents.
>
> This is the structure defined by RFC 3647 for section 7:
>
> 7. CERTIFICATE, CRL, AND OCSP PROFILES
> 7.1 Certificate profile
> 7.1.1 Version number(s)
> 7.1.2 Certificate extensions
> 7.1.3 Algorithm object identifiers
> 7.1.4 Name forms
> 7.1.5 Name constraints
> 7.1.6 Certificate policy object identifier
> 7.1.7 Usage of Policy Constraints extension
> 7.1.8 Policy qualifiers syntax and semantics
> 7.1.9 Processing semantics for the critical Certificate Policies
>
>
> Section 7.1.5 does not exist anymore. The BRs have the name constraints
> information in 7.1.2.5.2, 7.1.2.10.8. I believe that, at a minimum, we
> should re-introduce 7.1.5 and point to other subsections of 7.1.2 for
> consistency with RFC 3647.
>
> Thoughts?
> Dimitris.
>
> _______________________________________________
> Servercert-wg mailing list
> Servercert-wg at cabforum.org
> https://lists.cabforum.org/mailman/listinfo/servercert-wg
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/servercert-wg/attachments/20240104/36a519a4/attachment.html>
More information about the Servercert-wg
mailing list