We want people to stop using the obsolete Netscape SGC OID.
So, how about if I just add the word "intermediate"?
It'll become:
--
1. Stop using the "Netscape Server Gated Crypto (2.16.840.1.113730.4.1)"
(SGC) EKU. For all new intermediate certificate issuance, use the "TLS
Web Server Authentication (1.3.6.1.5.5.7.3.1)" EKU instead of the SGC EKU.
--
Changed to
https://wiki.mozilla.org/SecurityEngineering/mozpkix-testing#Things_for_CAs_to_Fix
--
1. Stop using the "Netscape Server Gated Crypto (2.16.840.1.113730.4.1)"
EKU. For all new intermediate certificate issuance, use the "TLS Web
Server Authentication (1.3.6.1.5.5.7.3.1)" (serverAuth) EKU if that
intermediate certificate will be signing SSL certificates. Do not use
the obsolete Netscape Server Gated Crypto EKU.
--
Thanks,
Kathleen
_______________________________________________
dev-security-policy mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-security-policy
