Commit

Merge pull request #575 from uspki/typo-correction
Typo correction
lachellel authored Mar 22, 2019
2 parents 07d3f45 + 0709e26 commit 074e87e
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion certificate-profile-subordinate-CA.md
@@ -17,7 +17,7 @@
| basicConstraints | Mandatory | True | cA=True <br> The pathLenConstraint field shall be present and set to zero (0). |
| subjectKeyIdentifier | Mandatory | False | Octet String <br> Derived using SHA-1 hash of the public key |
| keyUsage | Mandatory | True | Bit positions for keyCertSign and cRLSign shall be set. <br> If the Subordinate CA Private Key is used for signing OCSP responses, then the digitalSignature bit shall also be set. |
| extkeyUsage | Mandatory | False | This extension is required for Technically constrained nameConstraints per Section 7.1.2.2 and Section 7.1.5. <br> Required Extended Key Usage: <br> Server Authentication id-kp-serverAuth {1.3.6.1.5.5.7.3.1} <br><br> Optional Extended Key Usage: <br> Client Authentication id-kp-clientAuth {1.3.6.1.5.5.7.3.2} <br>id-kp-OCSPSigning {1.3.6.1.5.5.7.3.9} <br> Other values may be present consistent with use for server authentication, with approval by the FPKIPA. |
| extkeyUsage | Mandatory | False | This extension is required for Technically Constrained Subordinate CAs per Section 7.1.5. <br> Required Extended Key Usage: <br> Server Authentication id-kp-serverAuth {1.3.6.1.5.5.7.3.1} <br><br> Optional Extended Key Usage: <br> Client Authentication id-kp-clientAuth {1.3.6.1.5.5.7.3.2} <br>id-kp-OCSPSigning {1.3.6.1.5.5.7.3.9} <br> Other values may be present consistent with use for server authentication, with approval by the FPKIPA. |
| certificatePolicies | Mandatory | False | See Section 7.1.6.3. At least one US Government certificate policy OID listed in Section 7.1.6.1 asserting compliance with this CP, and one CAB Forum certificate policy OID listed in Section 7.1.6.1 asserting compliance with the CAB Forum Baseline Requirements. The certificate shall include all the certificate policy OIDs for all certificates issued by the CA. |
| subjectAltName | Optional | False | Underscore characters (“_”) shall not be present in dNSName entries. |
| authorityInformationAccess | Mandatory | False | OCSP: <br> Publicly accessible URI of Issuing CA's OCSP responder accessMethod = {1.3.6.1.5.5.7.48.1} <br>At least one instance of the OCSP responder access method shall be included. All instances of this access method shall include the HTTP URI name form.<br><br> id-ad-caIssuers: <br> Publicly accessible URI of Issuing CA’s certificate accessMethod = {1.3.6.1.5.5.7.48.2} <br> All instances of this access method shall include the HTTP URI name form to specify an HTTP accessible location containing either a single DER encoded certificate, or a BER or DER encoded “certs-only” CMS message as specified in [RFC5272]. |
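
Review bot: the replacement extkeyUsage row drops the reference to Section 7.1.2.2 and keeps only Section 7.1.5, which changes a normative cross-reference under a commit titled "Typo correction". Confirm that Section 7.1.2.2 is no longer meant to be cited here, or keep both references, and note the change in the commit message. In the same row the extension is marked Mandatory while the description says it is "required for Technically Constrained Subordinate CAs", which leaves it unclear whether every Subordinate CA issued under this profile must carry it; state the scope explicitly. The field name is also written extkeyUsage while the neighbouring rows use camelCase (basicConstraints, subjectKeyIdentifier), so extKeyUsage would be consistent.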