From: Ryan Sleevi [mailto:[email protected]] 
Sent: Wednesday, February 24, 2016 1:02 PM
To: Jeremy Rowley
Cc: Peter Bowen; [email protected]
Subject: Re: [cabfpub] RFC5280

On Wed, Feb 24, 2016 at 11:30 AM, Jeremy Rowley <[email protected]> wrote:

“I used RFCs 5280, 6818, 3279, 5480, and 5758.  Several of these specify what 
key usages are acceptable with which public key types.  Are you suggesting that 
the other PKIX RFCs are not what CAs should be following?”

No – I’m saying 5280 is the only one included in the BRs specifically. The 
auditors are working on audit criteria for 5280 compliance.

Are you suggesting that WebTrust / ETSI are now developing tools and criteria 
to evaluate this compliance?

[JR] Isn’t that what Don said during the WebTrust update last week? That 
compliance with 5280 is going to be part of the actual WebTrust criteria?

There won’t be the same audit criteria for 6818, 3279, 5480, and 5758. The 
question is whether we codify certain policies from these RFCs, although 
adoption of the RFC as a BR requirement could work as well (as it will then add 
the RFC to the audit framework).

6818 - Updates 5280, thus is part of the series

3279 - A normative reference from 5280

5480 - Updates 3279

5758 - Updates 3279

So if you take compliance to 5280, then you've incorporated normative 
dependencies on all the other specs Peter mentioned.

If it helps frame it at all, think of 6818 as version 1.1 of 5280, and 3279 as 
Appendix X (in BR / CA/B Forum Bylaw terms)

_______________________________________________
Public mailing list
[email protected]
https://cabforum.org/mailman/listinfo/public
