On 06/06/14 23:51, Kathleen Wilson wrote:
<snip>
Updated...
https://wiki.mozilla.org/CA:CertificatePolicyV2.1#Frequently_Asked_Questions
--
5. The transition of some subordinate CAs to Technical Constraints (as
per #9 of Mozilla's CA Certificate Inclusion Policy) has been
accomplished by creating a new CA hierarchy, so the old subordinate CA
certificate remains in 'CRL/OCSP only' mode until all certificates in
the old hierarchy have expired. Do we need to disclose the old
subordinate CA certificates that are being phased out and are in
'CRL/OCSP only' mode?
--For each subordinate CA certificate that is being phased out and
is in 'CRL/OCSP only' mode, please provide the following information:
Name of SubCA (optional), SubCA Cert Hash (SHA1 or SHA256), SubCA Cert
Subject Key Identifier, SubCA Cert Serial Number, Date of Last Cert
Issuance, Date of Last Cert Expiration.
Thanks Kathleen.
PS: I'm looking into automating CA and subCA data maintenance. My goal
is for CAs to maintain their own data, so I just have to approve
changes. More to come about this later, but if any of you have awesome
ideas about how to do this, please send me an email with your
recommendations.
I posted this a while ago...
https://groups.google.com/forum/#!msg/mozilla.dev.security.policy/UZAAzhkGmRo/DFehCrTHRZkJ
--
Rob Stradling
Senior Research & Development Scientist
COMODO - Creating Trust Online
_______________________________________________
dev-security-policy mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-security-policy
