ACTION-189: Cabfourm X.509v3/ PKIX guidelines from Hallam-Baker, Phillip on 2007-04-16 (public-wsc-wg@w3.org from April 2007)

From: Hallam-Baker, Phillip <pbaker@verisign.com>
Date: Mon, 16 Apr 2007 09:58:46 -0700
To: "Hallam-Baker, Phillip" <pbaker@verisign.com>, <public-wsc-wg@w3.org>
Message-ID: <198A730C2044DE4A96749D13E167AD37011E1CE4@MOU1WNEXMB04.vcorp.ad.vrsn.com>

Once more with the right subject line       
       
        The latest version of the guidelines is at:
        
        http://www.cabforum.org/EV_Certificate_Guidelines.pdf
        
        The actual profile requirements are in part D, sections 6 through 8.
        
        Section 6 essentially states that particular OIDs must be used for the subject and issuer identifier DN arcs. These appear to be taken from PKIX.
        
        Section 7 states where the policy OIDs should be placed.
        
        Section 8 gives maximum lifespan requirements, interestingly this is a SHOULD not a MUST.
        
        
        Additional technical details are in Appendices A and B.
        
        Appendix A is motherhood/Apple pie statements on key lengths. Most important thing here is that the transition to 2048 bits is mandated by the end of 2010.
        
        Appendix B is a profile on X.509v3 and PKIX (RFC 3280).

Received on Monday, 16 April 2007 16:59:08 UTC