The usage of HTTPS for publishing CA certificates be prohibited in this standard to avoid the issues specified in Section 8 of RFC 5280 #243
Labels
Comments
|
Propose team discussion. See also #244 |
|
Decline- FIPS 201 specifies that you must use HTTP, and is now silent other protocols. As the commenter noted, RFC 5280 has additional guidance on this topic. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
All Fields Are Required
Organization Name (N/A, if individual): DoD
Organization Type (see below for codes): 1 - Federal
Reference (Include section/paragraph or pdf line number): 5.5 Line 2121
Comment (Include rationale for comment): Does the specification of HTTP for publishing CA certificates preclude the usage of HTTPS? Considering RFC 5280, it probably should.
Suggested Change: Suggest the following text be added, "the usage of HTTPS for publishing CA certificates be prohibited in this standard to avoid the issues specified in Section 8 of RFC 5280, one example of which is "relying parties ... MUST be prepared for the possibility that this will result in unbounded recursion."
Organization Type: 1 = Federal, 2 = Industry, 3 = Academia, 4 = Self, 5 = Other
The text was updated successfully, but these errors were encountered: