I would agree to consider out-of-scope (of the BRs) a leaf certificate
with EKU=clientAuth issued by a SubCA that has EKU={server,client},
provided of course the leaf certificate does not assert a BR TLS policy
OID because this would be contradictory.
Besides, at least one widely used linter
unteered to propose an update to the BRs to address
the issue in this
<https://url.avanan.click/v2/___https:/bugzilla.mozilla.org/show_bug.cgi?id=1884714%23c1___.YXAzOmRpZ2ljZXJ0OmE6bzphODFkMzMxMGYzOTRmZTQxZTk4MzM4MjY1MjJhNmQ3NDo2OjIxOTI6YTZlMTBlMzdmMTgzODI3ZGJiMTg4YWZiYTAyYmYwZDJhMTkwNjA3MGQ2MDEzZjcxNmFlND
Actalis votes 'yes'
Il 26/04/2024 02:00, Wayne Thayer via Servercert-wg ha scritto:
NOTICE: Pay attention - external email - Sender is
0100018f17b415ae-778c107a-354f-4239-9c91-1848b0fd4f07-000...@amazonses.com
Purpose of Ballot SC-073
This ballot proposes updates to the Baseline
Hi,
IMO, including an HTTPS URI in the *id-ad-caIssuers* accessMethod is at
least a bad practice and very unwise (if done on purpose), as it may
give rise to unbounded loops, as it is clearly explained in RFC5280:
CAs SHOULD NOT include URIs that specify https, ldaps, or similar
schemes in
?
Adriano
Il 21/03/2024 09:52, Jaime Hablutzel ha scritto:
The discussion in
https://github.com/sleevi/cabforum-docs/pull/36#discussion_r872103477 could
help.
On 21 Mar 2024, at 09:39, Adriano Santoni via Servercert-wg
wrote:
All, can anyone help me find the past email discussion, or at least
All, can anyone help me find the past email discussion, or at least the
rationale that someone wrote somewhere (e.g. on Github?), supporting the
Subject attributes encoding relative order requirement that was
introduced in BR 2.0.0 (Ballot SC-062) ?
I am talking about §7.1.4.2 Subject
Actalis votes Yes on SC65.
Adriano
Il 04/03/2024 16:33, Inigo Barreira via Servercert-wg ha scritto:
*Summary: *
The Extended Validation Certificates guidelines (EVGs) were developed
and written in a specific format. Since then, the RFC 3647 has been
the basis (and the de-facto standard)
Actalis votes YES.
Il 12/02/2024 23:55, Aaron Gable via Servercert-wg ha scritto:
This ballot aims to clarify the existing language around the use of
delegated third-parties during domain and IP address control
validation. It leaves the existing language in place, and adds
specifics for
Actalis votes 'YES'
Adriano
Il 23/01/2024 10:00, Dimitris Zacharopoulos (HARICA) via Servercert-wg
ha scritto:
NOTICE: Pay attention - external email - Sender is
0100018d358c7f7b-4717121f-e944-4ccb-8f18-dd75b62a861b-000...@amazonses.com
This email initiates the voting period for ballot
Actalis votes YES.
*From:* Servercert-wg *On Behalf
Of* Inigo Barreira via Servercert-wg
*Sent:* Thursday, November 16, 2023 7:50 PM
*To:* CA/B Forum Server Certificate WG Public Discussion List
*Subject:* [Servercert-wg] VOTE FOR APPROVAL Ballot SC-066: Fall 2023
Clean-up v4
Hi
All,
there is a passage in the EVGL 1.8.0 that does not seem right, maybe
it's just a leftover from previous versions:
In section 14.2.2:
The CA MAY contractually authorize a Subscriber to perform the RA
function and authorize the CA to issue /additional /EV Certificates.
Is that
11 matches
Mail list logo