Yes, in the already published version 2.0.2, section 7.1.5 is included. 
This section is empty, like many other sections in the TLS BRs, for example 
7.1.7, 7.1.8 and 7.1.9, which come right after it.

> Hopefully we can add pointers to the right name constraints language
Sure.

From: Servercert-wg <[email protected]> On behalf of Dimitris 
Zacharopoulos (HARICA) via Servercert-wg
Sent: Thursday, January 4, 2024 17:56
To: Ben Wilson <[email protected]>; CA/B Forum Server Certificate WG Public 
Discussion List <[email protected]>
Subject: Re: [Servercert-wg] Section 7.1.5 as required by RFC 3647 is no longer 
in the TLS BRs


On 4/1/2024 5:50 PM, Ben Wilson wrote:
I think this is listed as an issue in GitHub - 
https://github.com/cabforum/servercert/issues/444.

Indeed, the cleanup ballot brings back the number 7.1.5 but the section is 
empty, despite the real information being already included in other sections of 
the BRs.

Hopefully we can add pointers to the right name constraints language. Does that 
make sense?


Dimitris.




On Thu, Jan 4, 2024 at 4:54 AM Dimitris Zacharopoulos (HARICA) via 
Servercert-wg <[email protected]> wrote:
Dear Members,

While taking another pass at reviewing the new certificate profiles introduced 
in ballot SC62, I realized that there is some deviation from the RFC 3647 
structure that the BRs should maintain to help alignment of CA CP/CPS documents.

This is the structure defined by RFC 3647 for section 7:

   7.  CERTIFICATE, CRL, AND OCSP PROFILES

   7.1  Certificate profile

   7.1.1  Version number(s)

   7.1.2  Certificate extensions

   7.1.3  Algorithm object identifiers

   7.1.4  Name forms

   7.1.5  Name constraints

   7.1.6  Certificate policy object identifier

   7.1.7  Usage of Policy Constraints extension

   7.1.8  Policy qualifiers syntax and semantics

   7.1.9  Processing semantics for the critical Certificate Policies

Section 7.1.5 does not exist anymore. The BRs have the name constraints 
information in 7.1.2.5.2, 7.1.2.10.8. I believe that, at a minimum, we should 
re-introduce 7.1.5 and point to other subsections of 7.1.2 for consistency with 
RFC 3647.

Thoughts?
Dimitris.
_______________________________________________
Servercert-wg mailing list
[email protected]
https://lists.cabforum.org/mailman/listinfo/servercert-wg
