Add anyEKU to scope #79

Closed
gerv opened this issue May 2, 2017 · 0 comments
gerv commented May 2, 2017

See issue #74 - Kathleen would like to have anyEKU in scope. She writes:

Section 1.1: Change item 2 in a few places:

“2. Intermediate certificates which have at least one valid, unrevoked chain up to such a CA certificate and which are not technically constrained to prevent issuance of working server or email certificates. Such technical constraints could consist of either:

- an Extended Key Usage (EKU) extension which does not contain any of these KeyPurposeIds: anyExtendedKeyUsage, id-kp-serverAuth, id-kp-emailProtection; or:
- name constraints which do not allow Subject Alternative Names (SANs) of any of the following types: dNSName, iPAddress, SRVName, rfc822Name”

Change the first bullet point in item 3 to:

- an Extended Key Usage (EKU) extension which contains one or more of these KeyPurposeIds: anyExtendedKeyUsage, id-kp-serverAuth, id-kp-emailProtection; or:

I have filed a separate bug for this because it probably needs discussion.

@gerv gerv added this to the 2.5 milestone May 2, 2017
@gerv gerv closed this as completed in deeee61 May 19, 2017