You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
See issue #74 - Kathleen would like to have anyEKU in scope. She writes:
Section 1.1: Change item 2 in a few places:
“2. Intermediate certificates which have at least one valid, unrevoked chain up to such a CA certificate and which are not technically constrained to prevent issuance of working server or email certificates. Such technical constraints could consist of either:
an Extended Key Usage (EKU) extension which does not contain any of these KeyPurposeIds: anyExtendedKeyUsage, id-kp-serverAuth, id-kp-emailProtection; or:
name constraints which do not allow Subject Alternative Names (SANs) of any of the following types: dNSName, iPAddress, SRVName, rfc822Name
Change the first bullet point in item 3 to:
“an Extended Key Usage (EKU) extension which contains one or more of these KeyPurposeIds: anyExtendedKeyUsage, id-kp-serverAuth, id-kp-emailProtection; or:”
I have filed a separate bug for this because it probably needs discussion.
The text was updated successfully, but these errors were encountered:
See issue #74 - Kathleen would like to have anyEKU in scope. She writes:
Section 1.1: Change item 2 in a few places:
“2. Intermediate certificates which have at least one valid, unrevoked chain up to such a CA certificate and which are not technically constrained to prevent issuance of working server or email certificates. Such technical constraints could consist of either:
an Extended Key Usage (EKU) extension which does not contain any of these KeyPurposeIds: anyExtendedKeyUsage, id-kp-serverAuth, id-kp-emailProtection; or:
name constraints which do not allow Subject Alternative Names (SANs) of any of the following types: dNSName, iPAddress, SRVName, rfc822Name
Change the first bullet point in item 3 to:
“an Extended Key Usage (EKU) extension which contains one or more of these KeyPurposeIds: anyExtendedKeyUsage, id-kp-serverAuth, id-kp-emailProtection; or:”
I have filed a separate bug for this because it probably needs discussion.
The text was updated successfully, but these errors were encountered: