[Standards] RFC6120 - digitalSignature bit set for the CA
mathieui at mathieui.net
Wed Aug 10 22:30:01 UTC 2016
As discussed in the xsf MUC, a friend pointed out to me that the
presence of the digitalSignature for the requirement for the
digitalSignature bit to be set for the CA  was weird, as it is not
what that bit is intended for.
RFC 3280  even explicitly states that the bit is to be used when that
key is meant for things *other* than certificate signing (keyCertSign
should be used for this case).
I’m assuming it’s an oversight and keyCertSign was meant here; otherwise
I would be delighted to know what’s the reason behind it.
Thanks in advance,
Mathieu Pasquet (mathieui)
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 819 bytes
Desc: not available
More information about the Standards