Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Check Certificate Policies in S/MIME intermediates #114

Open
robstradling opened this issue Sep 30, 2024 · 1 comment
Open

Check Certificate Policies in S/MIME intermediates #114

robstradling opened this issue Sep 30, 2024 · 1 comment
Labels
enhancement New feature or request

Comments

@robstradling
Copy link
Contributor

For this Server Authentication intermediate, pkilint returns a cabf.serverauth.ca_missing_reserved_policy_oid finding.

For this Email Protection intermediate, pkilint doesn't currently detect what is essentially the same problem - namely that, per SBR 7.1.6.3, one or more reserved policy OIDs and/or anyPolicy must be included in the Certificate Policies extension.
@CBonnell CBonnell added the enhancement New feature or request label Oct 1, 2024
@CBonnell
Copy link
Collaborator

CBonnell commented Oct 1, 2024

Thanks for reporting this, @robstradling. Currently, pkilint does not have a SMIME ICA-specific linter (the SMIME linter only covers end-entity certificates).

I am planning to tackle SMIME ICA linting if/when the SMBR certificate profiles are updated in a manner similar to servercert ballot SC-62, which will allow for greater reuse of existing serverauth validators as opposed to writing the validators from scratch.

I'll keep this issue open for tracking this specific enhancement.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@robstradling @CBonnell