What do you perceive the danger to be? On Wed, Feb 18, 2015 at 9:30 AM, Peter Kurrasch <[email protected]> wrote:
> Allowing a single cert to be used for both websites and code signing is a > dangerous proposition. What is the current thinking among the community? > > > Original Message > From: Kathleen Wilson > Sent: Thursday, February 12, 2015 12:31 PM > To: [email protected] > Subject: TurkTrust Root Renewal Request > > TurkTrust has applied to include the SHA-256 "TÜRKTRUST Elektronik > Sertifika Hizmet Sağlayıcısı H5" and "TÜRKTRUST Elektronik Sertifika > Hizmet Sağlayıcısı H6" root certificates; turn on the Websites trust bit > for both roots, turn on the Code Signing trust bit for the H5 root, and > enable EV treatment for the H6 root. TurkTrust's SHA-1 root certificates > were included in NSS via Bugzilla Bug #380635 and Bug #433845. > > > _______________________________________________ > dev-security-policy mailing list > [email protected] > https://lists.mozilla.org/listinfo/dev-security-policy > _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
