NIAP: View Technical Decision Details
  NIAP  »»  Protection Profiles  »»  Technical Decisions  »»  View Details  
Archived TD0340:  NIT Technical Decision for Handling of the basicConstraints extension in CA and leaf certificates

Publication Date

Protection Profiles

Other References

Issue Description

The NIT has issued a technical decision for handling of the basicConstraints extension in CA and leaf certificates.


FIA_X509_EXT.1.1 (NDcPP V1.0, FWcPP V1.0) FIA_X509_EXT.1.1/Rev, item 3 (NDcPP V2.0, FWcPP V2.0) and FIA_X509_EXT.1.1/ITT, item 3 (NDcPP V2.0, FWcPP V2.0) shall be modified as follows:

"The TSF shall validate a certification path by ensuring that all CA certificates in the certification path contain the basicConstraints extension with the CA flag set to TRUE."

For further information, please see the NIT interpretation at:


According to RFC 5280 the presence of the basicConstraints extension is mandated only for CA certificates. Therefore the focus of the FIA_X509_EXT.1.1 SFRs has been restricted to CA certificates. This has been ambiguous in the original SFRs.

Site Map              Contact Us              Home