Peter,This was not intended to be a change at all. Some clarification will be needed in 3280bis-01.
The reason for the change is as follows. RFC 3280 began section 6.1.5 with
To complete the processing of the end entity certificate, perform the
following steps for certificate n:
The problem with this is that "end entity certificate" refers to a
certificate that is not a CA certificate. While the final certificate
in a certification path is usually an end entity certificate, it may be
a CA certificate. In X.509, the term "end certificate" is used to refer
to the final certificate in a certification path, whether that
certificate is a CA certificate or an end entity certificate. That is
why I changed "end entity certificate" to "end certificate".
This change was not made to accommodate "partial" path validation, so there is no need to change section 6.1.6. The change was only intended to acknowledge that the final certificate in the certification path may be a CA certificate, although it is being validated for some use other than certificate signing (e.g., CRL signing, OCSP response signing, signing of CMP/CMC transaction messages).
In the -01 draft, I will add a note to section 6.1 stating that certificate n is referred to as the "end certificate" (or "target certificate" if WG consensus is that that term should be used instead).
Dave Peter Sylvester wrote:
6.1.5 has remove the word 'entity', this seems a major change because it now also specifies a path validation algorithm for CA certs.But, 6.1.6 has not be updated to also output information that are necessary to determine later or earlier whether the CA certificate can be used to sign a particular certificate.For example, whether it can sign another ca cert or not,or the permitted and prohibited subtrees.(modulo the option to augment the input parameters)