[Standards] RFC6120 - digitalSignature bit set for the CA

Mathieu Pasquet mathieui at mathieui.net
Wed Aug 10 22:30:01 UTC 2016


Hello,

As discussed in the xsf MUC, a friend pointed out to me that the
requirement for the digitalSignature bit to be set for the CA [1] was
weird, as it is not what that bit is intended for.

RFC 3280 [2] even explicitly states that the bit is to be used when that
key is meant for things *other* than certificate signing (keyCertSign
should be used for this case).

I’m assuming it’s an oversight and keyCertSign was meant here; otherwise
I would be delighted to know what the reason behind it is.

[1] https://tools.ietf.org/html/rfc6120#section-13.7.1.1
[2] https://tools.ietf.org/html/rfc3280#section-4.2.1.3

Thanks in advance,

-- 
Mathieu Pasquet (mathieui)
poezio developer
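
Added example, not part of the original post: a Python decoder for the keyUsage BIT STRING that reports whether a CA certificate sets keyCertSign, digitalSignature, or both, which is the distinction raised in the message above. The function names are hypothetical and the DER byte strings are constructed samples; the input is the BIT STRING found inside the extension's extnValue.

```python
# Named bits of KeyUsage in RFC 3280 section 4.2.1.3 order.
# Bit 0 is the most significant bit of the first content octet.
KEY_USAGE_BITS = [
    "digitalSignature", "nonRepudiation", "keyEncipherment",
    "dataEncipherment", "keyAgreement", "keyCertSign", "cRLSign",
    "encipherOnly", "decipherOnly",
]

def decode_key_usage(der: bytes) -> set:
    """Decode a short-form DER BIT STRING into the set of KeyUsage names."""
    if len(der) < 3 or der[0] != 0x03:
        raise ValueError("not a DER BIT STRING")
    length = der[1]
    if length & 0x80 or length != len(der) - 2:
        raise ValueError("unexpected length encoding")
    unused, content = der[2], der[3:]
    if unused > 7 or (unused and not content):
        raise ValueError("invalid unused-bit count")
    # DER requires the padding bits of the last octet to be zero.
    if unused and content[-1] & ((1 << unused) - 1):
        raise ValueError("non-zero padding bits")
    total_bits = len(content) * 8 - unused
    names = set()
    for i in range(min(total_bits, len(KEY_USAGE_BITS))):
        if content[i // 8] & (0x80 >> (i % 8)):
            names.add(KEY_USAGE_BITS[i])
    return names

def check_ca_key_usage(der: bytes) -> list:
    """Report which of the two bits discussed in the post are absent."""
    bits = decode_key_usage(der)
    findings = []
    if "keyCertSign" not in bits:
        findings.append("keyCertSign absent: key not marked for signing certificates")
    if "digitalSignature" not in bits:
        findings.append("digitalSignature absent: requirement described in the post not met")
    return findings

# Constructed samples (not taken from any real certificate).
CA_CERTSIGN_CRLSIGN = bytes.fromhex("03020106")   # keyCertSign + cRLSign
CA_WITH_DIGSIG = bytes.fromhex("03020186")        # digitalSignature + keyCertSign + cRLSign
DIGSIG_ONLY = bytes.fromhex("03020780")           # digitalSignature only

if __name__ == "__main__":
    for name, der in [("certSign+crlSign", CA_CERTSIGN_CRLSIGN),
                      ("with digitalSignature", CA_WITH_DIGSIG),
                      ("digitalSignature only", DIGSIG_ONLY)]:
        print(name, sorted(decode_key_usage(der)), check_ca_key_usage(der))
```

The first sample is a CA key usage with only keyCertSign and cRLSign set, so it is reported as lacking digitalSignature even though the key is marked for certificate signing.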