On 13/05/14 14:48, Peter Bowen wrote:
> I would add the old Netscape Step-Up/SGC (2.16.840.1.113730.4.1) and
> any EKU (2.5.29.37.0) to the list as well.

The point of the bug I reference is that we'd like to stop caring about
these (in code), because allowing anyEKU means that we include in scope
(and permit for SSL) a bunch of certs we don't really want to include in
scope and really shouldn't be permitted for SSL as they weren't intended
for SSL.

Gerv
_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy
