These are two of the more critical changes required by the SC-62 ballot that goes into effect on Sept 15th. The following changes were made in this PR:
Updated lint for common name handling. The definition for the CN field has switched from deprecated to NOT RECOMMENDED (essentially SHOULD NOT). An IneffectiveDate was added to the original lint. [This was based on nomenclature adopted from https://datatracker.ietf.org/doc/html/rfc2119#section-4]
Added a new lint for subscriber cert basic constraints checking. Post-SC62, basicConstraints MAY be included but MUST be critical if present.
Added a date for SC62 Effective
I did want to get eyes on the approach here. We don't usually use Ballot numbers in the effective dates, however these changes present a unique challenge since we have one lint that is no longer effective while a new lint becomes effective; additionally SC-62 makes changes to both the TLS BRs and the EVGs. Perhaps I could change that to the version of the TLS BRs going into effect on that date anyway? paging @christopher-henderson for feedback.
These are two of the more critical changes required by the SC-62 ballot that goes into effect on Sept 15th. The following changes were made in this PR:
I did want to get eyes on the approach here. We don't usually use Ballot numbers in the effective dates, however these changes present a unique challenge since we have one lint that is no longer effective while a new lint becomes effective; additionally SC-62 makes changes to both the TLS BRs and the EVGs. Perhaps I could change that to the version of the TLS BRs going into effect on that date anyway? paging @christopher-henderson for feedback.