x509 v1 certificate
Werner Koch
wk at gnupg.org
Mon Sep 25 12:31:00 CEST 2006
On Mon, 25 Sep 2006 10:58, Simon Josefsson said:
> However, I do agree with you, and a perfectly reasonable
> interpretation is that CA certificates (including root CAs) MUST have
> key usage extensions, but a conforming verifier of certificates chains
> should permit certificates without key usage extensions. This is also
But not without BasicConstraints. I just looked at the test
specification we had to pass and they clearly state that all CA
certificates (including the root CA certificate) are required to carry
a BasicConstraints.
Whey saying "all certificates issued by a CA" this obviously includes
the root certitificate because that one has been issued by the CA too.
Whether it is self-signed or not does not matter.
Salam-Shalom,
Werner
More information about the Gnupg-devel
mailing list