Corey Bonnell

Now that SC48 has passed and is effective, this can be closed.

> Should this lint also check for any reserved LDH Labels that are not P-Labels? > > In relation to: https://bugzilla.mozilla.org/show_bug.cgi?id=1740493 Hi Paul, that lint was implemented as part of...

The BRs in sections 7.1.2.1 (b) and 7.1.2.2 (e) mandate that CA certificates assert the cRLSign KU bit. Given that the bit is asserted, the CA is by definition the...

The definition of Validity Period in the BRs was not aligned with the RFC 5280 definition until SC31. Changing the validity period calculation to align with 5280 for certificates issued...

I think it's fine, as there appears to be no actual logic change introduced as part of this PR. It appears to merely add test cases of existing lints.

The associated pull request is closed, so I'll comment here. The full text of 7.1.4.2.2 (h) says: > Certificate Field: subject:emailAddress (1.2.840.113549.1.9.1) > Contents: If present, the subject:emailAddress SHALL contain...

I think this is a duplicate of https://github.com/zmap/zlint/issues/639.

This extension should result in an ERROR-level finding for end-entity certificates. While 5280 doesn't use RFC 2119 keywords, it is clear that it is only acceptable for the extension to...

See clauses 35 (b) (c), and clause 38 of [X.680 2002-07](https://www.itu.int/rec/T-REC-X.680-200207-S/en) for the character repertoire of `IA5String`.

My two cents... any type of "entropy" checks against a single sample will ultimately be error-prone. A high-volume issuer that includes several octets of CSPRNG output beyond the minimum of...