Wait for changes to related Part 12 issue. Consider specifying the required additional certificate checks to be specified in security policies instead of in Part 4 for backward compatibilty.

Need to discuss at F2F - not sure if we need a change anything.

Part 6 defines:
extendedKeyUsage may specify serverAuth and/or clientAuth.

It is not defined if a server gets serverAuth and clientAuth and client only clientAuth.

Moved to Part 6 and cloned to Part 12.

Not clear what needed to be done.
Added additional state on what ApplicationType means with registering with the GDS:

The ApplicationType allows an application to advertise the capabilities that may be discovered. It is not statement of what an application can do.
If the ApplicationType is Server the application supports normal connections on all its DiscoveryUrls

What was changed has nothing to do wih the original request.

The request was related to ExtendedKeyUsage in the certificate and having 'clientAuth' for Clients and 'clientAuth + serverAuth' for Servers.
This was clarified in Part 6 but Part 12 is silent about this in CertificateManager signed certificate creation.

Changed text in 7.9.3 StartSigningRequest to:

Any bits set in basicConstraints or extendedKeyUsage fields in the CSR are ignored by the CertificateManager. The CertificateManager uses values that are appropriate and compliant with requirements defined for Application Instance Certificates in OPC 10000-6.

Agreed to changes edited in web meeting.