Errors in CP and CPS

tlussnig · May 24, 2016, 8:48pm

Continuing the discussion from Improving revocation : will Let's Encrypt support OCSP Must-staple?:

CP:

."id-kp-emailProtection [RFC5280] maybe present. Other values shouldnotbe present"

Is this an hint that there maybe come s/mime certificates too ?

And an typo on the head of page 62:

"Curve P-521" "ansip384r1 ::= { iso(1) identified-organization(3) certicom(132) curve(0) 35 }"

CPS:

The CA ensures that the public exponent of the RSA Keysfor aDV-SSL Certificates is in the range between 2 16+1 and 2256-1. The modulus are an odd number, not the power of a prime, and have no factors smaller than 752.

This can not be real ?

The range "2 16+1" i think is missing some formular sign and 2256 looks also odd.
If the RSA key have an prime factor 752 and less than 2^32 than you can put it to the trash bin.
Here also 2^752 is meant.

Personally i think here need someone take an carefully look at all number and formulars.

Osiris · May 24, 2016, 10:02pm

As I said in the other thread: the emailProtection part was already mentioned in the first CP and even then the statement of LE was “not likely” or something like that… Nothing has changed since I assume.

system · June 23, 2016, 10:02pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
OCSP Reliability Shout Out Praise	13	1895	March 22, 2021
[ ZeroSSL ] Crypt::LE ACME v2 support Client dev	4	1903	March 29, 2018
Updated CPS v1.5 Issuance Policy	4	3230	November 18, 2016
Feature-Request: SMIME / Signing for PDF Feature Requests	4	2340	April 20, 2019
Improving revocation : will Let's Encrypt support OCSP Must-staple? Feature Requests	68	23100	June 25, 2016

Errors in CP and CPS

Related topics