Bonjour Moises, Le lundi 23 juin 2014 11:53:05 UTC+2, [email protected] a écrit : > El viernes, 20 de junio de 2014 17:07:05 UTC+2, Erwann Abalea escribió: > > > Under "ANF Global Root CA": > > > > https://kerberosns.com/cloud > > > > EV certificate is not compliant with EV Guidelines: > > [...] > > Hello, > > I'm Moises Amador, ANF's representative. > > This is the account from which officially respond. > > Erwann, thanks for taking the time to review our request. > We will carefully review the points you mention, and answer all soon.
There's one additional point which doesn't affect Mozilla (for now), but currently affects Microsoft. Your OCSP responders don't set the nextUpdate date (it's optional). This is valid, but it has a side-effect, Microsoft CAPI considers that such responses are obsolete, and fall back to CRL download. If your CRLs are invalid, as it's the case when validating "ANF SSL Sede CA1" certificate, it becomes a security problem. _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
