On 5/6/2014 3:48 PM, Kathleen Wilson wrote: > On 5/6/14, 11:36 AM, Kathleen Wilson wrote: >> I updated >> https://wiki.mozilla.org/SecurityEngineering/mozpkix-testing#Behavior_Changes >> >> >> "5. A certificate will not be considered an EV certificate if >> mozilla::pkix cannot build a path to a trusted root that does not >> contain any certificates with the inhibitAnyPolicy extension. However, >> such certificates will still validate as non-EV as long as there are no >> non-policy-related issues. bug 989051" >> >> >> Thanks, >> Kathleen >> > > > It has been brought to my attention that the above statement is very > difficult to understand. > > Alternatives suggested: > > A certificate will not be considered an EV certificate if mozilla::pkix > determines that all possible paths to a trusted root rely on > certificates that contain the inhibitAnyPolicy extension.
While more wordy, the above is easier to understand. > OR > > Mozilla::pkix must be able to build at least one trusted path that lacks > the inhibitAnyPolicy extension to grant EV treatment to a certificate. > > > Any preference? > > Kathleen > > > > > -- David E. Ross <http://www.rossde.com/> On occasion, I filter and ignore all newsgroup messages posted through GoogleGroups via Google's G2/1.0 user agent because of spam, flames, and trolling from that source. _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy