cp-cps icon indicating copy to clipboard operation
cp-cps copied to clipboard
verified publisher icon letsencrypt

Miscellaneous improvements to profiles

Open aarongable opened this issue 1 year ago • 0 comments

Section 7.1:

  • Subordinate: remove "Let's Encrypt Authority X", as those intermediates have expired
  • DV-SSL: specify that we only accept 3 specific RSA key sizes
  • OCSP: remove this profile entirely, as our only delegated OCSP signer has long since expired

Section 7.2:

  • Say that the signature algorithm is determined by the issuer
  • Add "onlyContainsUserCerts" to the IDP in the latter of the two profiles

aarongable avatar Mar 20 '24 19:03 aarongable