On 4/1/2024 5:50 μ.μ., Ben Wilson wrote:
I think this is listed as an issue in GitHub - https://github.com/cabforum/servercert/issues/444.
Indeed, the cleanup ballot brings back the number 7.1.5 but the section is empty, despite the real information being already included in other sections of the BRs.
Hopefully we can add pointers to the right name constraints language. Does that make sense?
Dimitris.
On Thu, Jan 4, 2024 at 4:54 AM Dimitris Zacharopoulos (HARICA) via Servercert-wg <[email protected]> wrote:Dear Members, While taking another pass at reviewing the new certificate profiles introduced in ballot SC62, I realized that there is some deviation from the RFC 3647 structure that the BRs should maintain to help alignment of CA CP/CPS documents. This is the structure defined by RFC 3647 for section 7: 7. CERTIFICATE, CRL, AND OCSP PROFILES 7.1 Certificate profile 7.1.1 Version number(s) 7.1.2 Certificate extensions 7.1.3 Algorithm object identifiers 7.1.4 Name forms 7.1.5 Name constraints 7.1.6 Certificate policy object identifier 7.1.7 Usage of Policy Constraints extension 7.1.8 Policy qualifiers syntax and semantics 7.1.9 Processing semantics for the critical Certificate Policies Section 7.1.5 does not exist anymore. The BRs have the name constraints information in 7.1.2.5.2, 7.1.2.10.8. I believe that, at a minimum, we should re-introduce 7.1.5 and point to other subsections of 7.1.2 for consistency with RFC 3647. Thoughts? Dimitris. _______________________________________________ Servercert-wg mailing list [email protected] https://lists.cabforum.org/mailman/listinfo/servercert-wg
_______________________________________________ Servercert-wg mailing list [email protected] https://lists.cabforum.org/mailman/listinfo/servercert-wg
