On Tue, May 20, 2014 at 11:23:54AM -0700, Kathleen Wilson wrote: > Maybe we should re-visit the idea of a "wall of shame", and publicly list > the CAs who are still issuing certificates with the following problems. [...] > * Certificate not version 3
I've only seen 1 such subscriber certificate, but I see 14 such certificates in the CA root list. The CA/B baseline requirements actually requires it for CA certificates but doesn't say it's required for subscriber certificates. But I think the other requirements for the subscriber certificates actually also makes this mandatory. I've filed a bug in bugzilla about the 1 subscriber certificate I see. Do we also want all the root CAs to change to v3? Kurt _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
