On Monday, 27 October 2014 07:54:04 UTC+1, John Nagle wrote:
> Here's a nice example of Mozilla not fully understanding Organization
> information in certificates: "www.facebook.com".
> 
> Firefox says, for "https://www.facebook.com",
> 
> "This web site does not supply ownership information".
> 
> But, in fact, not only does it supply ownership information
> (the Subject contains O, L, ST, and C), DigiCert, which generated
> the certificate, promises in their CPS that the info is valid.  DigiCert 
> attached Policy OID 2.16.840.1.114412.1.1, promising
> valid organization data.

The CertificatePolicies extension cannot reliably be used for some CAs to assert 
some DV/OV compliance.

DigiCert attached policyId 2.16.840.1.114412.1.1 to the subscriber certificate, 
but this certificate has been issued by a CA limited to 
policyId=2.16.840.1.114412.1.3.0.2 (by its issuing CA), which itself was 
limited to policyId=1.3.6.1.4.1.6334.1.0.
_______________________________________________
dev-security-policy mailing list
https://lists.mozilla.org/listinfo/dev-security-policy
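
Added example (not part of the original message, and not Mozilla's or DigiCert's code): a simplified sketch of RFC 5280 certificate policy processing, run over the three policy OIDs quoted in the reply above. It assumes no policy mappings and ignores qualifiers and inhibitAnyPolicy; the chain labels and function names are illustrative.

```python
# Simplified RFC 5280 (section 6.1) policy processing.
# Assumptions: no policyMappings, no qualifiers, no inhibitAnyPolicy.
ANY_POLICY = "2.5.29.32.0"          # anyPolicy OID from RFC 5280
OV_OID = "2.16.840.1.114412.1.1"    # OID on the subscriber certificate (from the thread)

def valid_policies(chain):
    """chain: list of (label, policy OIDs or None), ordered from the CA
    certificate nearest the trust anchor down to the end entity.
    Returns (final valid policy set, per-certificate trace)."""
    valid = {ANY_POLICY}            # initial state: anchor accepts any policy
    trace = []
    for label, asserted in chain:
        asserted = set(asserted or ())   # no extension: nothing asserted
        if ANY_POLICY in valid:
            valid = asserted             # anything asserted here is acceptable
        elif ANY_POLICY not in asserted:
            valid = valid & asserted     # only policies every issuer allowed survive
        # else: cert asserts anyPolicy, so the set allowed so far carries over
        trace.append((label, sorted(valid)))
    return valid, trace

def satisfies(valid, required_oid):
    """True if a relying party requiring required_oid would accept the path."""
    return required_oid in valid or ANY_POLICY in valid

# Policy OIDs as quoted in the reply; labels are constructed for this example.
CHAIN = [
    ("issuer of the issuing CA", ["1.3.6.1.4.1.6334.1.0"]),
    ("issuing CA", ["2.16.840.1.114412.1.3.0.2"]),
    ("www.facebook.com", [OV_OID]),
]

# Constructed contrast case: CA certificates that assert anyPolicy.
OPEN_CHAIN = [
    ("CA 1", [ANY_POLICY]),
    ("CA 2", [ANY_POLICY]),
    ("leaf", [OV_OID]),
]

if __name__ == "__main__":
    for name, chain in (("thread chain", CHAIN), ("anyPolicy chain", OPEN_CHAIN)):
        valid, trace = valid_policies(chain)
        print(name)
        for label, state in trace:
            print(f"  after {label}: {state or 'empty'}")
        print(f"  OV OID acceptable: {satisfies(valid, OV_OID)}")
```

Under these assumptions the valid policy set is already empty at the issuing CA, so the OID on the subscriber certificate cannot be validated through this path even though it is present in the certificate.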