On 18/11/16 15:27, Rob Stradling wrote: > See > https://tools.ietf.org/id/draft-ietf-trans-rfc6962-bis-20.html#rfc.section.3.2 > > Does that make them "non-certificate data" ?
I note the following in the RFC: "(Note that, because of the structure of CMS, the signature on the CMS object will not be a valid X.509v3 signature and so cannot be used to construct a certificate from the precertificate)." Would one solution be to say that one condition on which signing non-cert data is OK is that if the signature is not a valid X.509v3 signature? That would cover this case. Gerv _______________________________________________ Public mailing list [email protected] https://cabforum.org/mailman/listinfo/public
