[cabf_validation] OU attribute in CA Certificates

Dimitris Zacharopoulos (HARICA) dzacharo at harica.gr
Fri Oct 21 07:39:32 UTC 2022


On 14/10/2022 11:22 π.μ., Dimitris Zacharopoulos (HARICA) via Validation 
wrote:
> The breakdown makes it clearer, thanks Doug. We just need to see how 
> this will appear in the table via markdown.
>
> Dimitris.
>
> On 13/10/2022 11:05 μ.μ., Doug Beattie wrote:
>>
>> Hi Dimitris,
>>
>> I’d lean towards you option #2:
>>
>>  2. Update 7.1.2.10.2, add the Attribute Type OU, and in the Presence
>>     column state "MUST NOT," except for Non-TLS Subordinate CA
>>     Certificates that meet the Certificate Profile described in
>>     section 7.1.2.3".
>>
>> Just a suggestion:
>>
>>  2. Update 7.1.2.10.2, add the Attribute Type OU, and in the Presence
>>     column state:
>>       * MUST NOT for TLS Subordinate CA Certificates defined in
>>         section 7.1.2.3,
>>       * SHOULD NOT for all other CAs"
>>

Seeing no objections, I created 
https://github.com/cabforum/servercert/pull/398/files with the proposed 
language. Let me know if the formatting (single line) works for everyone.

Thanks,
Dimitris.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/validation/attachments/20221021/7a23afab/attachment.html>


More information about the Validation mailing list