On 12/2/15 12:34 PM, Kathleen Wilson wrote:
All,
China Financial Certification Authority (CFCA) has filed Bugzilla Bug
#1229288 to request that an EV Policy OID be added for their root
certificate that is currently included and currently enabled for EV
treatment.
As per Bugzilla Bug #926029, this root cert was included in Firefox 38,
and given EV treatment in Firefox 40.
Details may be found here
https://bugzilla.mozilla.org/show_bug.cgi?id=926029#c38
Root Certificate Name: CFCA EV ROOT
O From Issuer Field: China Financial Certification Authority
Trust Bits: Websites
EV Policy OID(s): 2.16.156.112554.3
In their effort to switch from their internal EV OID to the one
recommended by the CA/Browser forum, CFCA has requested to add the
following new EV Policy OID to the "CFCA EV Root" cert.
New EV Policy OID: 2.23.140.1.1
I view this change as administrative, reasonable, and in the interest of
the Mozilla community; and it does not change permissions or
trustworthiness.
Therefore, unless anyone raises a concern about this change, I will
proceed with filing the bug to make the code change happen.
Kathleen
It was pointed out to me that 2.23.140.1.1 is the CA/Browser Forum's EV
Policy OID, so there is no need for us to add this Policy OID. The CA
must continue to include their own EV Policy OID too.
So, no change needed.
Kathleen
_______________________________________________
dev-security-policy mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-security-policy
