Cabfourm X.509v3/ PKIX guidelines from Hallam-Baker, Phillip on 2007-04-16 (public-wsc-wg@w3.org from April 2007)

From: Hallam-Baker, Phillip <pbaker@verisign.com>
Date: Mon, 16 Apr 2007 09:57:27 -0700
To: <public-wsc-wg@w3.org>
Message-ID: <198A730C2044DE4A96749D13E167AD37011E1CE3@MOU1WNEXMB04.vcorp.ad.vrsn.com>

The latest version of the guidelines is at:
 
http://www.cabforum.org/EV_Certificate_Guidelines.pdf
 
The actual profile requirements are in part D, sections 6 through 8.
 
Section 6 essentially states that particular OIDs must be used for the subject and issuer identifier DN arcs. These appear to be taken from PKIX.
 
Section 7 states where the policy OIDs should be placed.
 
Section 8 gives maximum lifespan requirements, interestingly this is a SHOULD not a MUST.
 
 
Additional technical details are in Appendices A and B.
 
Appendix A is motherhood/Apple pie statements on key lengths. Most important thing here is that the transition to 2048 bits is mandated by the end of 2010.
 
Appendix B is a profile on X.509v3 and PKIX (RFC 3280).

Received on Monday, 16 April 2007 16:57:46 UTC