Hi Kathleen, I recommend we not allow the code signing bit to be enabled for this root. Even though removing code signing is not yet official policy I don't think it makes much sense to activate it for this root if only to remove it a year later (or whatever the timeframe). It might be good to at least let Unizeto Certum know that the change is in the works.
Speaking for myself, I'd be interested in knowing why they wanted code signing trust in the first place. Do they have specific customers or use-cases in mind or??? This could be a good learning opportunity, if there's anything that Unizeto Certum would like to share with the community. Original Message From: Kathleen Wilson Sent: Wednesday, October 21, 2015 2:28 PM On 10/1/15 3:44 PM, Kathleen Wilson wrote: > Unizeto Certum has applied to include the “Certum Trusted Network CA 2” > root certificate, turn on all three trust bits, and enable EV treatment. > This is the next generation of the “Certum Trusted Network CA” root cert > that was included via bug #532377. > Does anyone have any comments, questions, or concerns about this request from Unizeto Certum? Kathleen _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
