Just makes it clear: The extension KeyUsage is optional in subscriber's certificate. But what happens if it is present and is NOT critical?
On Tue, 9 Apr 2019, 16:29 Ryan Sleevi <r...@sleevi.com> wrote: > 1. Open > https://cabforum.org/wp-content/uploads/CA-Browser-Forum-BR-1.6.4.pdf > 2. Search for "KeyUsage" > - 11 occurrences > > #1 > 7.1.2.1 Root CA Certificate > b. keyUsage > This extension MUST be present and MUST be marked critical ... > > #3 > 7.1.2.2 Subordinate CA Certificate > e. keyUsage > This extension MUST be present and MUST be marked critical ... > > #5 > 7.1.2.3. Subscriber Certificate > e. keyUsage (optional) > If present, bit positions for keyCertSign and cRLSign MUST NOT be set. > > 3. Answer question :) > _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy