x509 v1 certificate
wk at gnupg.org
Mon Sep 25 12:31:00 CEST 2006
On Mon, 25 Sep 2006 10:58, Simon Josefsson said:
> However, I do agree with you, and a perfectly reasonable
> interpretation is that CA certificates (including root CAs) MUST have
> key usage extensions, but a conforming verifier of certificates chains
> should permit certificates without key usage extensions. This is also
But not without BasicConstraints. I just looked at the test
specification we had to pass and they clearly state that all CA
certificates (including the root CA certificate) are required to carry
Whey saying "all certificates issued by a CA" this obviously includes
the root certitificate because that one has been issued by the CA too.
Whether it is self-signed or not does not matter.
More information about the Gnupg-devel