Hello guys, This question is for OpenCA developers. Did predefined OpenCA certificates profiles are up to valid RFC's?
Why asking? In RFC 3280 (in 2459 also) for Key Usage are defined : This extension MUST appear in certificates that contain public keys that are used to validate digital signatures on other public key certificates or CRLs. When this extension appears, it SHOULD be marked critical. As I understand from this - CA (in most cases) must have key usage extension and CA/end user certificates which have key usage ext. MUST have it marked critical. By default OpenCA certificates are issued with non critical extensions. Is this bug in OpenCA or those certificates profiles are defined only as examples? Regards, Dmitrij ------------------------------------------------------------------------- Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT & business topics through brief surveys -- and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV _______________________________________________ Openca-Users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openca-users
