I've been trying to figure out what is required, forbidden, and optional for X.509 certificates that conform to the Mozilla requirements. It isn't all that easy given the indirection in the requirements (you need at least the CA/Browser Forum Baseline Requirements, RFC 5280, RFC 4519, and probably some other 451x RFCs).
I've generated two sample chains (including the roots).

https://gist.github.com/anonymous/7bfeaeea344f0ea8b5a8 (Root with RSA key)
https://gist.github.com/anonymous/868ee4381d059f26e675 (Root with EC key)

Does anyone see any issues with any of the certificates in these chains?

Thanks,
Peter
_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy