Address comments

Signed-off-by: Hayden Blauzvern <[email protected]>

docs/certificate-specification.md

@@ -1,6 +1,11 @@
 # Certificate Specification
 
 This document includes the requirements for root, intermediate, and issued certificates.
+This document applies to all instances of Fulcio, including the production instance and
+all private instances using the service defined in this repository.
+
+The key words "MUST", "MUST NOT", "SHOULD", "SHOULD NOT", and "MAY" in this document are
+to be interpreted as described in [RFC 2119](https://www.ietf.org/rfc/rfc2119.txt).
 
 ## Root Certificate
 
@@ -29,7 +34,7 @@ A root certificate MAY:
 * Specify a Basic Constraints path length constraint to prevent additional CA certificates
   from being issued beneath the root
 * Specify an Authority Key Identifier. If specified, it MUST be the same as the Subject Key Identifier
-* Specify other values in the Subject.
+* Specify other values in the Subject
 
 ## Intermediate Certificate
 
@@ -62,11 +67,16 @@ An intermediate certificate SHOULD NOT:
 
 * Use a different signature scheme (ECDSA vs RSA) than its parent certificate, as some clients do not support this
 
+An intermediate certificate MAY:
+
+* Be optional. An end-entity certificate MAY be issued from a root certificate or an intermediate certificate.
+  Clients MUST be able to verify a chain with any number of intermediate certificates.
+
 ## Issued Certificate
 
 An issued certificate MUST:
 
-* Specify a Subject Alternative Name as a critical extension. It MUST be populated by either:
+* Specify exactly one Subject Alternative Name, as a critical extension. It MUST be populated by either:
    * An email
    * A URI
 * Specify an Issuer equal to the parent certificate's Subject
@@ -83,13 +93,12 @@ An issued certificate MUST:
    * RSA of key size 2048 to 4096 (inclusive) with size % 8 = 0, E = 65537, and containing no weak primes
    * ED25519
 * Specify the OpenID Connect identity token issuer with OID `1.3.6.1.4.1.57264.1.1`
-* Append a precertificate to a Certificate Transparency log, where the precertificate MUST be signed by the certificate authority
-  and MUST include a poison extension with OID `1.3.6.1.4.1.11129.2.4.3`
-* Specify the Signed Certificate Timestamp (SCT) from the Certificate Transparency log with OID `1.3.6.1.4.1.11129.2.4.2`
+* Be appended to a Certificate Transparency log. Clients MUST NOT trust certificates that do not present
+  either a proof of inclusion or a Signed Certificate Timestamp (SCT)
 
 An issued certificate MUST NOT:
 
-* Specify a Subject
+* Specify a nonempty Subject
 * Specify multiple Subject Alternative Name values
 * Specify other Key Usages besides Digital Signature
 * Specify other Extended Key Usages besides Code Signing
@@ -98,6 +107,9 @@ An issued certificate SHOULD:
 
 * Use an ephemeral key. A client MAY request a certificate with a long-lived key, but a client MUST
   adequately secure the key material
+* Append a precertificate to a Certificate Transparency log, where the precertificate MUST be signed by the certificate authority
+  and MUST include a poison extension with OID `1.3.6.1.4.1.11129.2.4.3`
+* Specify the Signed Certificate Timestamp (SCT) from the Certificate Transparency log with OID `1.3.6.1.4.1.11129.2.4.2`
 
 An issued certificate SHOULD NOT:
 
@@ -109,4 +121,5 @@ An issued certificate MAY:
 * Specify Basic Constraints to `CA:FALSE`
 * Specify values from the OpenID Connect identity token in OIDs prefixed with `1.3.6.1.4.1.57264.1`,
   such as values from a GitHub Actions workflow
-* Specify multiple SCTs with OID `1.3.6.1.4.1.11129.2.4.2`, denoting that the certificate has been appended to multiple logs
+* Specify multiple SCTs with OID `1.3.6.1.4.1.11129.2.4.2`, denoting that the certificate has been appended to multiple logs
+* Specify the Signed Certificate Timestamp (SCT) in a response header `SCT` instead of embedding the SCT in the certificate