At 2:43 PM +0100 7/28/08, Jim Schaad wrote:
Comments on the draft.
In section 4.4.3, I find the following text confusing:
End-entity certificates contain an extension that
constrains the certificate from being an issuing authority
certificate (see Section 4.4.2).
I believe that this text might be better as it clarifies what is being
stated. I.e. it is not the fact that basic constraints is being used which
actually does the mentioned constraint.
End-entity certificates contain the Key Usage extension which restraints the
end-entity from using the key to perform issuing authority operations (see
4.4.4)
s/restraints/restrains/
Also the previous comment (on 3851bis) on key sizes > 4096 should be applied
to this document
My same reply applies.