[cabf_validation] OU attribute in CA Certificates
Dimitris Zacharopoulos (HARICA)
dzacharo at harica.gr
Fri Oct 21 07:39:32 UTC 2022
On 14/10/2022 11:22 π.μ., Dimitris Zacharopoulos (HARICA) via Validation
wrote:
> The breakdown makes it clearer, thanks Doug. We just need to see how
> this will appear in the table via markdown.
>
> Dimitris.
>
> On 13/10/2022 11:05 μ.μ., Doug Beattie wrote:
>>
>> Hi Dimitris,
>>
>> I’d lean towards you option #2:
>>
>> 2. Update 7.1.2.10.2, add the Attribute Type OU, and in the Presence
>> column state "MUST NOT," except for Non-TLS Subordinate CA
>> Certificates that meet the Certificate Profile described in
>> section 7.1.2.3".
>>
>> Just a suggestion:
>>
>> 2. Update 7.1.2.10.2, add the Attribute Type OU, and in the Presence
>> column state:
>> * MUST NOT for TLS Subordinate CA Certificates defined in
>> section 7.1.2.3,
>> * SHOULD NOT for all other CAs"
>>
Seeing no objections, I created
https://github.com/cabforum/servercert/pull/398/files with the proposed
language. Let me know if the formatting (single line) works for everyone.
Thanks,
Dimitris.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/validation/attachments/20221021/7a23afab/attachment.html>
More information about the Validation
mailing list