On 11/1/13 1:39 PM, Jeremy Rowley wrote:
Hi Kathleen,
Can you clarify whether this applies only to third-party Sub CA certificates
or internal subordinate CAs? A lot of the inclusion policy seems applicable
only to external sub CAs. If the certificate is covered by our WebTrust
audit, is operated solely by DigiCert, and is only used as an intermediate
for the purpose of not issuing off the root certificate, then is disclosure
really necessary?
I think some CAs create new intermediates for testing or other purposes
every two or so weeks. I think it's counter-productive to provide notice of
each of these certificates.
Jeremy
Sure. Added "externally-operated".
https://wiki.mozilla.org/CA:CertificatePolicyV2.1#Technical_Constraints_or_Auditing.2FDisclosure_of_Intermediate_Certificates
Thanks,
Kathleen
_______________________________________________
dev-security-policy mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-security-policy
