On 5/6/14, 11:36 AM, Kathleen Wilson wrote:
I updated
https://wiki.mozilla.org/SecurityEngineering/mozpkix-testing#Behavior_Changes
"5. A certificate will not be considered an EV certificate if
mozilla::pkix cannot build a path to a trusted root that does not
contain any certificates with the inhibitAnyPolicy extension. However,
such certificates will still validate as non-EV as long as there are no
non-policy-related issues. bug 989051"
Thanks,
Kathleen
It has been brought to my attention that the above statement is very
difficult to understand.
Alternatives suggested:
A certificate will not be considered an EV certificate if mozilla::pkix
determines that all possible paths to a trusted root rely on
certificates that contain the inhibitAnyPolicy extension.
OR
Mozilla::pkix must be able to build at least one trusted path that lacks
the inhibitAnyPolicy extension to grant EV treatment to a certificate.
Any preference?
Kathleen
_______________________________________________
dev-security-policy mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-security-policy
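
The rule being reworded in this message, as an added example that is not part of the original email and is not mozilla::pkix code: a toy path builder that chains certificates by name only and assumes the leaf is otherwise EV-eligible with no non-policy-related issues. The `Cert` class, `build_paths`, `classify`, and all certificate names are constructed for illustration; checking the root certificate for the extension as well is an assumption of this model.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Cert:
    subject: str
    issuer: str
    inhibit_any_policy: bool = False  # True if the extension is present

def build_paths(leaf, pool, roots):
    """Yield every chain from leaf to a trusted root (name matching only)."""
    def walk(chain):
        tip = chain[-1]
        if tip.issuer in roots:
            yield chain + [roots[tip.issuer]]
        for cand in pool:
            # Follow each candidate issuer once; skip certs already in the chain.
            if cand.subject == tip.issuer and cand not in chain:
                yield from walk(chain + [cand])
    yield from walk([leaf])

def classify(leaf, pool, roots):
    """Return 'EV', 'non-EV', or 'untrusted' under the rule quoted above."""
    paths = list(build_paths(leaf, pool, roots))
    if not paths:
        return "untrusted"  # no path to any trusted root at all
    # EV needs at least one path in which no certificate carries the extension.
    if any(not any(c.inhibit_any_policy for c in p) for p in paths):
        return "EV"
    return "non-EV"  # still validates, but every path contains inhibitAnyPolicy

# Constructed sample data: one intermediate name, cross-signed by two roots.
ROOTS = {"Root A": Cert("Root A", "Root A"), "Root B": Cert("Root B", "Root B")}
X_VIA_A = Cert("CA X", "Root A", inhibit_any_policy=True)
X_VIA_B = Cert("CA X", "Root B")
LEAF = Cert("www.example.test", "CA X")
ORPHAN = Cert("orphan.example.test", "Unknown CA")

if __name__ == "__main__":
    print(classify(LEAF, [X_VIA_A, X_VIA_B], ROOTS))  # one clean path exists
    print(classify(LEAF, [X_VIA_A], ROOTS))           # every path has the extension
    print(classify(ORPHAN, [X_VIA_A, X_VIA_B], ROOTS))
```

Both suggested wordings describe the same outcome in this model: the first states the condition for the `non-EV` branch, the second states the condition for the `EV` branch.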