zmap / zlint

X.509 Certificate Linter focused on Web PKI standards and requirements.
https://zmap.io
Apache License 2.0

Gauging interest in niche certificate profiles (ETSI / Eidas / NL) #889

Closed by breynders-cb 1 month ago

breynders-cb commented 1 month ago

Internally we'll be extending a linter (1 or more) with additional rules to check all cases relevant to our use case. We're a QTSP in the Netherlands and are interested in linting a very specific certificate profile, namely a certificate for natural person qualified signatures (G4 Individual Validated eSig).

Other than some PKIO (Dutch government PKI) rules, it's mostly a combination of common rulesets and ETSI rules, namely NCP+ (0.4.0.2042.1.2) and QCP-n-qscd (0.4.0.194112.1.2).

Is there interest in having these rules (partially) merged back upstream? How would you suggest structuring such rules in the current codebase?

cardonator commented 1 month ago

IMO having ETSI/PKIO lint buckets would be great for zlint, as long as they can be continuously maintained. We did have a set of lints but they had some bugs and I think several of them were removed.

zakird commented 1 month ago

100% agree. Scope-wise, very much would like to see these in ZLint. The bigger question is whether there's sufficient community to contribute these lints and to review them.

breynders-cb commented 1 month ago

Thanks for the response! If we get started we'll be in touch through a properly scoped issue or PR.