Test case 4.6.4
- Subject: Test case 4.6.4
- From: evik <evik@mail.chaos.hu>
- Date: Tue, 15 Feb 2005 23:40:08 +0100
- Content-Disposition: inline
- Content-Type: text/plain; charset=us-ascii
- User-Agent: Mutt/1.5.6+20040907i
Hi
I have a problem with test case
4.6.4 Valid basicConstraints Not Critical Test4
It states that the CA certificate contains the basicConstraints
extension, the cA component is true, but the extension is marked not
critical.
In rfc3280 point 4.2.1.10 page 36 states this about basicConstraints:
This extension MUST appear as a critical extension in all CA
certificates that contain public keys used to validate digital
signatures on certificates. This extension MAY appear as a
critical or non-critical extension in CA certificates that contain
public keys used exclusively for purposes other than validating
digital signatures on certificates. Such CA certificates
include ones that contain public keys used exclusively for validating
digital signatures on CRLs and ones that contain key
management public keys used with certificate enrollment protocols.
This extension MAY appear as a critical or non-critical
extension in end entity certificates.
>From this paragraph the first sentence is important.
It clearly states that this extension MUST appear and MUST be marked as
critical in CA certificates used for signing certificates. For this
reason I think that the expected result for test case 4.6.4 should be:
The path should NOT validate successfully because the extension is
marked non critical.
evik
Date Index |
Thread Index |
Problems or questions? Contact list-master@nist.gov