As you know, the CAB Forum guidelines do not mandate use of CAB Forum policy 
OIDs to assert DV/OV compliance.  We'd happily support a change in this policy 
at the CAB Forum and plan to update our certs accordingly if such a ballot passes.

Jeremy
-----Original Message-----
From: dev-security-policy 
[mailto:dev-security-policy-bounces+jeremy.rowley=digicert....@lists.mozilla.org]
 On Behalf Of Erwann Abalea
Sent: Monday, October 27, 2014 4:23 AM
To: [email protected]
Subject: Re: Organization info in certs not being properly recognized by Firefox

On Monday, October 27, 2014 07:54:04 UTC+1, John Nagle wrote:
> Here's a nice example of Mozilla not fully understanding Organization 
> information in certificates: "www.facebook.com".
> 
> Firefox says, for "https://www.facebook.com",
> 
> "This web site does not supply ownership information".
> 
> But, in fact, not only does it supply ownership information (the 
> Subject contains O, L, ST, and C), DigiCert, which generated the 
> certificate, promises in their CPS that the info is valid.  DigiCert 
> attached Policy OID 2.16.840.1.114412.1.1, promising valid 
> organization data.

CertificatePolicies extension cannot reliably be used for some CAs to assert 
some DV/OV compliance.

DigiCert attached policyId 2.16.840.1.114412.1.1 to the subscriber certificate, 
but this certificate has been issued by a CA limited to 
policyId=2.16.840.1.114412.1.3.0.2 (by its issuing CA), which itself was 
limited to policyId=1.3.6.1.4.1.6334.1.0.
_______________________________________________
dev-security-policy mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-security-policy
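
The chain constraint described in the message above, as an added example that is not part of the original thread: a simplified version of the RFC 5280 section 6.1 valid-policy computation, run over a chain modelled only from the three policy OIDs quoted in the message. It assumes no policyMappings, no inhibitAnyPolicy and no policy qualifiers; the function names and the second, anyPolicy chain are constructed for illustration.

```python
ANY_POLICY = "2.5.29.32.0"  # anyPolicy, RFC 5280 section 4.2.1.4

def step(valid, cert_policies):
    """Advance the set of valid policies across one certificate.

    valid         -- policies still valid after the certificates above
    cert_policies -- OIDs in this cert's certificatePolicies extension,
                     or None when the extension is absent
    """
    if cert_policies is None:
        return set()                      # no extension: nothing stays valid
    asserted = set(cert_policies)
    explicit = asserted - {ANY_POLICY}
    # An explicit policy survives only if the issuer side allowed it,
    # either by naming it or by asserting anyPolicy.
    nxt = set(explicit) if ANY_POLICY in valid else explicit & valid
    # A cert asserting anyPolicy passes through everything still valid.
    if ANY_POLICY in asserted:
        nxt |= valid
    return nxt

def valid_policies(chain):
    """chain: policy lists ordered from the first CA cert down to the leaf."""
    valid = {ANY_POLICY}                  # initial state: any policy acceptable
    for cert_policies in chain:
        valid = step(valid, cert_policies)
    return valid

def leaf_policy_is_valid(chain, oid):
    valid = valid_policies(chain)
    return oid in valid or ANY_POLICY in valid

LEAF_OID = "2.16.840.1.114412.1.1"

# Constructed from the OIDs quoted in the message (top CA cert first).
CHAIN_FROM_MESSAGE = [
    ["1.3.6.1.4.1.6334.1.0"],
    ["2.16.840.1.114412.1.3.0.2"],
    [LEAF_OID],
]

# Constructed contrast case: both CA certs assert anyPolicy.
CHAIN_ANY_POLICY = [[ANY_POLICY], [ANY_POLICY], [LEAF_OID]]

if __name__ == "__main__":
    print(leaf_policy_is_valid(CHAIN_FROM_MESSAGE, LEAF_OID))
    print(leaf_policy_is_valid(CHAIN_ANY_POLICY, LEAF_OID))
```

Under these assumptions the valid-policy set is already empty at the issuing CA in the first chain, so the OID on the subscriber certificate cannot be validated through it.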