I would like to know if the folks reading here believe it might be useful to have some lints for qualified certificates intended for use in the PSD2 context. These certificates must comply with the ETSI TS 119 495 specification. A few thousand have been issued over the last few years. According to my preliminary investigation, almost all of them are basically okay, but there are some errors. It is not clear how much it is worth worrying about, given that there does not seem to be any real supervision of these aspects. It is also unclear how "sensitive" relying parties are to the correct encoding of such certificates. The PSD2 directive will be replaced by a PSD3 directive, but it is not clear when or if there will be any impact on the certificate profile. In any case, new certificates of this type continue to be issued at the moment, so I would like to gather opinions on the usefulness of linting them by Zlint, and if so which checks seem worth implementing (I can think of 4 or 5 at the moment). Regardless of opinions, I might still propose some lints in this area in the near future.
I would like to know if the folks reading here believe it might be useful to have some lints for qualified certificates intended for use in the PSD2 context. These certificates must comply with the ETSI TS 119 495 specification. A few thousand have been issued over the last few years. According to my preliminary investigation, almost all of them are basically okay, but there are some errors. It is not clear how much it is worth worrying about, given that there does not seem to be any real supervision of these aspects. It is also unclear how "sensitive" relying parties are to the correct encoding of such certificates. The PSD2 directive will be replaced by a PSD3 directive, but it is not clear when or if there will be any impact on the certificate profile. In any case, new certificates of this type continue to be issued at the moment, so I would like to gather opinions on the usefulness of linting them by Zlint, and if so which checks seem worth implementing (I can think of 4 or 5 at the moment). Regardless of opinions, I might still propose some lints in this area in the near future.