[cabfpub] Possible error in EV Code Signing document

Rick Andrews Rick_Andrews at symantec.com
Fri Jul 26 16:31:56 UTC 2013


While looking over the EV Code Signing Guidelines (https://cabforum.org/EV_Code_Signing_Guidelines_v1_1.pdf), I came across what I think is a typo.

"9.2.2  Subject Alternative Name Extension
This field should not be included in the EV Code Signing Objects."

Section 9.2 is all about Subject DN fields, so it seems a bit odd that 9.2.2 should be about an extension. But as Section 9.7 says "the  Certificate  MUST  include  a  SubjectAltName:permanentIdentifier".

I think 9.2.2 is there because it was copied from the EV SSL Guidelines. In that document, we explicitly call out subjectAltName in the Subject DN section to call attention to the fact that we're deprecating the Common Name field, and want the subject's name instead put in the subjectAltName extension.

I think the way to correct this is to remove Section 9.2.2 (it just consists of the one sentence shown above).

Anyone disagree? Should I create a ballot for this?

-Rick

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/public/attachments/20130726/4e939f88/attachment-0002.html>


More information about the Public mailing list