On 30/04/14 11:59, Gervase Markham wrote:
> On 30/04/14 00:24, Kathleen Wilson wrote:
>> On 4/29/14, 3:44 AM, Gervase Markham wrote:
>>> Does the list on that wiki page need to include the Microsoft equivalent
>>> of the SGC EKU? Or are we not mentioning that?
>>
>> Yes, it's item #1 in the "Things for CAs to Fix" section.
>
> Item #1 refers to Netscape SGC. I seem to remember there being something
> similar but Microsoft-y, which is not mentioned. Am I mis-remembering?

Gerv, you remember correctly that there are 2 "similar" OIDs: one for Netscape Step-Up and one for Microsoft SGC.

Bugs 982292, 982932 and 982936 talk about requiring CAs to stop including the Netscape Step-Up OID in _new Intermediate CA Certificates_, yet somehow this has morphed into "all new certificate issuance" on mozpkix-testing#Things_for_CAs_to_Fix.
Was that intentional?  Is it necessary?

Has any Mozilla software ever recognized the Microsoft SGC OID and done anything with it? What actual Mozilla-related problem would be solved by telling CAs to omit the Microsoft SGC OID? Do Mozilla have the right to tell CAs to stop using a proprietary Microsoft OID?

--
Rob Stradling
Senior Research & Development Scientist
COMODO - Creating Trust Online

_______________________________________________
dev-security-policy mailing list
https://lists.mozilla.org/listinfo/dev-security-policy
