From 45906c5c676d8aad051fd65a388020f8fb96a8ef Mon Sep 17 00:00:00 2001 From: Paul van Brouwershaven Date: Wed, 3 Apr 2024 10:38:24 +0200 Subject: [PATCH] SC-72 - Delete except to policyQualifiers in EVGs; align with BRs by making them NOT RECOMMENDED (#490) * Align policyQualifiers with BRs and make them NOT RECOMMENDED * Remove all references around policyQualifiers The EVG already includes all provisions of the TLS BRs, no need to re-specify this here. --- docs/EVG.md | 22 ++-------------------- 1 file changed, 2 insertions(+), 20 deletions(-) diff --git a/docs/EVG.md b/docs/EVG.md index 365cb813..1504fc0e 100644 --- a/docs/EVG.md +++ b/docs/EVG.md @@ -608,31 +608,13 @@ All provisions of the Baseline Requirements concerning Minimum Cryptographic Alg Otherwise, it MAY contain the anyPolicy identifier. -2. The following fields MUST be present if the Subordinate CA is not controlled by the entity that controls the Root CA. - - * `certificatePolicies:policyQualifiers:policyQualifierId` - - `id-qt 1` [RFC 5280] - - * `certificatePolicies:policyQualifiers:qualifier:cPSuri` - - HTTP URL for the Root CA's Certification Practice Statement - -3. The `certificatePolicies` extension in EV Certificates issued to Subscribers MUST include the following: +2. The `certificatePolicies` extension in EV Certificates issued to Subscribers MUST include the following: * `certificatePolicies:policyIdentifier` (Required) The Issuer's EV policy identifier - * `certificatePolicies:policyQualifiers:policyQualifierId` (Required) - - `id-qt 1` [RFC 5280] - - * `certificatePolicies:policyQualifiers:qualifier:cPSuri` (Required) - - HTTP URL for the Subordinate CA's Certification Practice Statement - -4. The `cRLDistributionPoints` extension MUST be present in Subscriber Certificates if the certificate does not specify OCSP responder locations in an `authorityInformationAccess` extension. +3. The `cRLDistributionPoints` extension MUST be present in Subscriber Certificates if the certificate does not specify OCSP responder locations in an `authorityInformationAccess` extension. ## 9.8. Certificate Extensions