[cabf_validation] Cert Profile spec: question about the outline/ToC

Doug Beattie doug.beattie at globalsign.com
Mon Aug 2 15:35:16 UTC 2021

Hi Ryan,


When I was reviewing the latest spec,
https://github.com/sleevi/cabforum-docs/pull/36/files,  I was struck by the
Table of Contents that I built in Word having 40 pages in section 7.1.2.
There is no heading for the various types of cert profiles because it's all
buried in "7.1.2 Certificate Content and Extensions" 


Would it be possible/logical to re-chunk that section to avoid such long
numbered headers and to bring some of the important items into a higher
level and into the ToC?  It would be more obvious about where certain
sections are located and provide a better grouping of data, imo


This is just a suggestion, but could we consider an organization similar to
this?   Apologies if this has been discussed and resolved previously.



7.1        CA Certificates

7.1.1        Root CA Certificate Profile (was

7.1.2        Cross-Certified Subordinate CA Certificate Profile (was

7.1.3        Technically Constrained Non-TLS Subordinate CA Certificate
Profile (was

7.1.4        Technically Constrained TLS Subordinate CA Certificate Profile

7.1.5        TLS Subordinate CA Certificate Profile (was

7.1.6        Common CA Fields (was

7.2        Leaf Certificates

7.2.1        Subscriber (Server) Certificate Profile (was

7.2.2        OCSP Responder Certificate Profile (was

7.2.3        Infra Certificate Profile?

7.2.4        Common <leaf> Certificate Fields (was

7.3        All Certificates (was, but this is probably a typo since
and should be according to the current spec).

7.3.1        Application of RFC 5280 (was - probably should have

7.3.2        Algorithm object identifiers (was 7.1.3)

7.3.3        Name Forms ( was 7.1.4)

7.3.4        Certificate policy object identifier (was 7.1.6)

7.3.5        Usage of Policy Constraints extension (was 7.1.7)

7.3.6        Policy qualifiers syntax and semantics (was 7.1.8)

7.3.7        Processing semantics for the critical Certificate Policies
extension (was 7.1.9) - maybe this should be 7.4 and not under "all

7.4        CRL Profile (was 7.2)

7.5        OCSP Profile (was 7.3)



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/validation/attachments/20210802/a660e189/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 8424 bytes
Desc: not available
URL: <http://lists.cabforum.org/pipermail/validation/attachments/20210802/a660e189/attachment-0001.p7s>

More information about the Validation mailing list