[cabfpub] [cabfquest] Ballot 103 - OCSP Staping and TLS Security Policy Extension
Eddy Nigg (StartCom Ltd.)
eddy_nigg at startcom.org
Thu Sep 5 17:15:19 UTC 2013
On 09/05/2013 07:57 PM, From Bruce Morton:
> The ballot requires for Subscriber Certificates that the optional OID of basicConstraints be set to critical. I'm not sure why this optional OID needs to be set at critical, but if it does then some CAs will have to make a change. As such, I do not believe that the ballot should be "EFFECTIVE IMMEDIATELY."
Yes, I agree with Bruce here on both points. As such I think we should
be very careful with those "effective immediately" ballots as they could
easily jolt the boat of too many CAs and should only be applied when
necessary. In such a case I also believe that it would be the CAB Forums
responsibility to make a reasonable effort to reach out to all CAs which
really should be left for emergencies.
And I'd like to repeat the question why the basicConstraints OID needs
to be set as critical for a Subscriber Certificate
Regards
Signer: Eddy Nigg, COO/CTO
StartCom Ltd. <http://www.startcom.org>
XMPP: startcom at startcom.org <xmpp:startcom at startcom.org>
Blog: Join the Revolution! <http://blog.startcom.org>
Twitter: Follow Me <http://twitter.com/eddy_nigg>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/public/attachments/20130905/0166f015/attachment-0003.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4540 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.cabforum.org/pipermail/public/attachments/20130905/0166f015/attachment-0001.p7s>
More information about the Public
mailing list