[cabf_validation] Cert Profile spec: question about the outline/ToC

Aaron Gable aaron at letsencrypt.org
Mon Aug 2 16:32:53 UTC 2021


Unfortunately, RFC 3647 Section 4.7
<https://datatracker.ietf.org/doc/html/rfc3647#section-4.7> suggests that
Section 7.1 be the Certificate Profile, 7.2 be the CRL Profile, and 7.3 be
the OCSP Profile. Of course, 3647 is informational, not normative, and so
the BRs are free to depart from it as appropriate, but this change would be
the first such departure.

Aaron

On Mon, Aug 2, 2021 at 8:35 AM Doug Beattie via Validation <
validation at cabforum.org> wrote:

> Hi Ryan,
>
>
>
> When I was reviewing the latest spec,
> https://github.com/sleevi/cabforum-docs/pull/36/files, I was struck by
> the Table of Contents that I built in Word having 40 pages in section
> 7.1.2. There is no heading for the various types of cert profiles because
> it’s all buried in “7.1.2 Certificate Content and Extensions”.
>
>
>
> Would it be possible/logical to re-chunk that section to avoid such long
> numbered headers and to bring some of the important items into a higher
> level and into the ToC? It would be more obvious about where certain
> sections are located and provide a better grouping of data, imo.
>
>
>
> This is just a suggestion, but could we consider an organization similar
> to this? Apologies if this has been discussed and resolved previously.
>
>
> 7 CERTIFICATE, CRL, AND OCSP PROFILES
>
> 7.1 CA Certificates
> 7.1.1 Root CA Certificate Profile (was 7.1.2.1)
> 7.1.2 Cross-Certified Subordinate CA Certificate Profile (was 7.1.2.2)
> 7.1.3 Technically Constrained Non-TLS Subordinate CA Certificate Profile (was 7.1.2.3)
> 7.1.4 Technically Constrained TLS Subordinate CA Certificate Profile (was 7.1.2.4)
> 7.1.5 TLS Subordinate CA Certificate Profile (was 7.1.2.5)
> 7.1.6 Common CA Fields (was 7.1.2.8)
>
> 7.2 Leaf Certificates
> 7.2.1 Subscriber (Server) Certificate Profile (was 7.1.2.6)
> 7.2.2 OCSP Responder Certificate Profile (was 7.1.2.7)
> 7.2.3 Infra Certificate Profile?
> 7.2.4 Common <leaf> Certificate Fields (was 7.1.2.9)
>
> 7.3 All Certificates (was 7.1.2.4, but this is probably a typo since and should be 7.1.2.10 according to the current spec).
> 7.3.1 Application of RFC 5280 (was 7.1.2.5 – probably should have been 7.1.2.11)
> 7.3.2 Algorithm object identifiers (was 7.1.3)
> 7.3.3 Name Forms (was 7.1.4)
> 7.3.4 Certificate policy object identifier (was 7.1.6)
> 7.3.5 Usage of Policy Constraints extension (was 7.1.7)
> 7.3.6 Policy qualifiers syntax and semantics (was 7.1.8)
> 7.3.7 Processing semantics for the critical Certificate Policies extension (was 7.1.9) – maybe this should be 7.4 and not under “all Certificates”
>
> 7.4 CRL Profile (was 7.2)
>
> 7.5 OCSP Profile (was 7.3)
>