Hello,

As discussed in the xsf MUC, a friend pointed out to me that the requirement for the digitalSignature bit to be set for the CA [1] was weird, as it is not what that bit is intended for.
RFC 3280 [2] even explicitly states that the bit is to be used when that key is meant for things *other* than certificate signing (keyCertSign should be used for this case).

I’m assuming it’s an oversight and keyCertSign was meant here; otherwise I would be delighted to know what’s the reason behind it.

[1] https://tools.ietf.org/html/rfc6120#section-13.7.1.1
[2] https://tools.ietf.org/html/rfc3280#section-4.2.1.3

Thanks in advance,

--
Mathieu Pasquet (mathieui)
poezio developer
_______________________________________________
Standards mailing list
Info: http://mail.jabber.org/mailman/listinfo/standards
Unsubscribe: [email protected]
_______________________________________________
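
The distinction raised in the message above, as an added example that is not part of the original post: a small decoder for the DER-encoded KeyUsage BIT STRING, using the bit numbering from RFC 3280 section 4.2.1.3 [2]. The function names and the sample encodings are constructed for illustration.

```python
# Added example, not from the original message. Sample encodings are constructed.

# Bit numbering from RFC 3280 section 4.2.1.3; bit 0 is the most significant
# bit of the first content octet.
KEY_USAGE_BITS = (
    "digitalSignature", "nonRepudiation", "keyEncipherment",
    "dataEncipherment", "keyAgreement", "keyCertSign", "cRLSign",
    "encipherOnly", "decipherOnly",
)

def decode_key_usage(der: bytes) -> set:
    """Return the names of the bits asserted in a DER KeyUsage BIT STRING."""
    if len(der) < 4 or der[0] != 0x03:
        raise ValueError("not a DER BIT STRING with at least one content octet")
    if der[1] & 0x80 or der[1] != len(der) - 2:
        raise ValueError("unexpected length octet")
    unused, payload = der[2], der[3:]
    if unused > 7 or payload[-1] & ((1 << unused) - 1):
        raise ValueError("invalid unused-bits count or non-zero padding")
    asserted = set()
    for i in range(len(payload) * 8 - unused):
        if payload[i // 8] & (0x80 >> (i % 8)):
            if i >= len(KEY_USAGE_BITS):
                raise ValueError("bit %d is not defined for KeyUsage" % i)
            asserted.add(KEY_USAGE_BITS[i])
    return asserted

def ca_key_usage_report(der: bytes) -> dict:
    """Report the two bits the message contrasts for a CA certificate."""
    bits = decode_key_usage(der)
    return {
        # The bit the message says is required for the CA [1].
        "digitalSignature": "digitalSignature" in bits,
        # The bit RFC 3280 assigns to verifying signatures on certificates.
        "keyCertSign": "keyCertSign" in bits,
    }

# Constructed KeyUsage values (tag 0x03, length, unused-bit count, content).
ONLY_DIGITAL_SIGNATURE = bytes.fromhex("03020780")   # bit 0
TYPICAL_CA = bytes.fromhex("03020106")               # bits 5 and 6
CA_WITH_BOTH = bytes.fromhex("03020186")             # bits 0, 5 and 6

if __name__ == "__main__":
    for name, der in [("digitalSignature only", ONLY_DIGITAL_SIGNATURE),
                      ("keyCertSign + cRLSign", TYPICAL_CA),
                      ("all three", CA_WITH_BOTH)]:
        print(name, sorted(decode_key_usage(der)), ca_key_usage_report(der))
```

The first sample has the digitalSignature bit set without being marked for certificate signing, while the second is marked for certificate signing without the digitalSignature bit.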
