Paragraph 2 of S/MIME BR 1.1 states: "An S/MIME Certificate for the purposes of this document can be identified by the existence of an Extended Key Usage (EKU) for id-kp-emailProtection (OID: 1.3.6.1.5.5.7.3.4) and the inclusion of a rfc822Name or an otherName of type id-on-SmtpUTF8Mailbox in the subjectAltName extension."
This is perfectly reasonable for end-entity S/MIME Certificates, which is clearly what was meant. However, it leaves unclear what this means for subCAs, where the inclusion or lack of an email address isn't intended to change scope. It would be clearer if it read:
"An end-entity S/MIME Certificate for the purposes of this document can be identified by the existence of an Extended Key Usage (EKU) for id-kp-emailProtection (OID: 1.3.6.1.5.5.7.3.4) and the inclusion of a rfc822Name or an otherName of type id-on-SmtpUTF8Mailbox in the subjectAltName extension. A subordinate CA S/MIME Certificate for the purposes of this document can be identified by the existence of an Extended Key Usage (EKU) for id-kp-emailProtection (OID: 1.3.6.1.5.5.7.3.4)."
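The two-part definition proposed above, as an added Go example (not code from the issue author or from the S/MIME BR project): it classifies a parsed certificate as an end-entity S/MIME certificate (emailProtection EKU plus an rfc822Name or id-on-SmtpUTF8Mailbox otherName in the SAN), a subordinate CA S/MIME certificate (emailProtection EKU alone), or neither. It assumes the Go standard library only, uses basicConstraints cA=TRUE as the test for "subordinate CA" (an assumption; the issue does not define the term), takes the id-on-SmtpUTF8Mailbox OID 1.3.6.1.5.5.7.8.9 from RFC 8398, and issues four constructed certificates so the check can run offline.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/asn1"
	"fmt"
	"math/big"
	"time"
)

// id-kp-emailProtection (1.3.6.1.5.5.7.3.4, quoted in the issue) is exposed by Go as
// x509.ExtKeyUsageEmailProtection. id-on-SmtpUTF8Mailbox is 1.3.6.1.5.5.7.8.9 (RFC 8398).
var (
	oidSubjectAltName  = asn1.ObjectIdentifier{2, 5, 29, 17}
	oidSmtpUTF8Mailbox = asn1.ObjectIdentifier{1, 3, 6, 1, 5, 5, 7, 8, 9}
)

const (
	NotSMIME       = "not an S/MIME certificate"
	EndEntitySMIME = "end-entity S/MIME certificate"
	SubCASMIME     = "subordinate CA S/MIME certificate"
)

func hasEmailProtectionEKU(c *x509.Certificate) bool {
	for _, eku := range c.ExtKeyUsage {
		if eku == x509.ExtKeyUsageEmailProtection {
			return true
		}
	}
	return false
}

// hasMailboxSAN reports whether the SAN holds an rfc822Name ([1]) or an otherName ([0])
// whose type-id is id-on-SmtpUTF8Mailbox. Go surfaces rfc822Name as EmailAddresses but
// drops otherName, so the raw GeneralNames sequence is walked for the second case.
func hasMailboxSAN(c *x509.Certificate) bool {
	if len(c.EmailAddresses) > 0 {
		return true
	}
	for _, ext := range c.Extensions {
		if !ext.Id.Equal(oidSubjectAltName) {
			continue
		}
		var names []asn1.RawValue
		if _, err := asn1.Unmarshal(ext.Value, &names); err != nil {
			return false
		}
		for _, gn := range names {
			if gn.Class != asn1.ClassContextSpecific || gn.Tag != 0 {
				continue // not an otherName
			}
			var typeID asn1.ObjectIdentifier // OtherName starts with its type-id
			if _, err := asn1.Unmarshal(gn.Bytes, &typeID); err == nil && typeID.Equal(oidSmtpUTF8Mailbox) {
				return true
			}
		}
	}
	return false
}

// classifySMIME applies the issue's proposed wording. Assumption: a certificate with
// basicConstraints cA=TRUE is the "subordinate CA" case, where the SAN does not matter.
func classifySMIME(c *x509.Certificate) string {
	switch {
	case !hasEmailProtectionEKU(c):
		return NotSMIME
	case c.BasicConstraintsValid && c.IsCA:
		return SubCASMIME
	case hasMailboxSAN(c):
		return EndEntitySMIME
	default:
		return NotSMIME // EKU present but no mailbox name: outside the end-entity definition
	}
}

// smtpUTF8MailboxSAN builds a SAN extension with one id-on-SmtpUTF8Mailbox otherName
// (x509.Certificate has no field for it): SEQUENCE { [0] { OID, [0] EXPLICIT UTF8String } }.
func smtpUTF8MailboxSAN(mailbox string) pkix.Extension {
	value, err := asn1.MarshalWithParams(mailbox, "utf8")
	if err != nil {
		panic(err)
	}
	explicit, _ := asn1.Marshal(asn1.RawValue{Class: asn1.ClassContextSpecific, Tag: 0, IsCompound: true, Bytes: value})
	typeID, _ := asn1.Marshal(oidSmtpUTF8Mailbox)
	other, _ := asn1.Marshal(asn1.RawValue{Class: asn1.ClassContextSpecific, Tag: 0, IsCompound: true, Bytes: append(typeID, explicit...)})
	san, _ := asn1.Marshal(asn1.RawValue{Tag: asn1.TagSequence, IsCompound: true, Bytes: other})
	return pkix.Extension{Id: oidSubjectAltName, Value: san}
}

// sign issues tmpl under parent (self-signed when parent is nil) with a fresh P-256 key.
// Constructed test data only.
func sign(tmpl, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	if parent == nil {
		parent, parentKey = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey)
	if err != nil {
		panic(err)
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		panic(err)
	}
	return cert, key
}

// baseTemplate carries the emailProtection EKU that every constructed certificate has.
func baseTemplate(cn string, serial int64) *x509.Certificate {
	return &x509.Certificate{
		SerialNumber: big.NewInt(serial),
		Subject:      pkix.Name{CommonName: cn},
		NotBefore:    time.Now(),
		NotAfter:     time.Now().Add(24 * time.Hour),
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageEmailProtection},
	}
}

// demoClassifications issues a CA and three leaves (constructed data) and classifies each.
func demoClassifications() map[string]string {
	caTmpl := baseTemplate("Example S/MIME Issuing CA", 1)
	caTmpl.IsCA, caTmpl.BasicConstraintsValid, caTmpl.KeyUsage = true, true, x509.KeyUsageCertSign
	ca, caKey := sign(caTmpl, nil, nil)

	rfc822 := baseTemplate("alice", 2)
	rfc822.EmailAddresses = []string{"alice@example.com"} // rfc822Name
	smtpUTF8 := baseTemplate("bob", 3)
	smtpUTF8.ExtraExtensions = []pkix.Extension{smtpUTF8MailboxSAN("bób@example.com")}
	noSAN := baseTemplate("no mailbox", 4) // EKU present, SAN absent

	out := map[string]string{"subCA": classifySMIME(ca)}
	for name, t := range map[string]*x509.Certificate{"rfc822Name": rfc822, "SmtpUTF8Mailbox": smtpUTF8, "noSAN": noSAN} {
		cert, _ := sign(t, ca, caKey)
		out[name] = classifySMIME(cert)
	}
	return out
}

func main() {
	for name, class := range demoClassifications() {
		fmt.Printf("%-16s -> %s\n", name, class)
	}
}
```

The `noSAN` leaf is the case the issue is really about: under the original paragraph 2 it is unclear whether an emailProtection certificate without a mailbox name is in or out of scope, and under the proposed wording it falls outside the end-entity definition while a cA=TRUE certificate with the same EKU is still in scope as a subordinate CA.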