136
edits
Changes
→Precertificates: add link to BR discussion
However, [https://cabforum.org/baseline-requirements-documents/ BR] section 7.1.2.5 states “For purposes of clarification, a Precertificate, as described in RFC 6962 – Certificate Transparency, shall not be considered to be a “certificate” subject to the requirements of RFC 5280 - Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile under these Baseline Requirements.”
Mozilla [https://cabforum.org/pipermail/public/2014-January/002694.html interprets ] the BR language as a specific exception allowing CAs to issue a precertificate containing the same serial number as the subsequent certificate [1]. Otherwise, Mozilla infers from the existence of a precertificate that a corresponding certificate has been issued.
This means, for example, that:
