Dear Mr Christoph Klein,

>>* V Clause (X): We analyzed this problem and found an issue, where the 
>>variable wasn't transferred into the final certificate. This bug has been 
>>around since our first issued EV certificate and wasn't noticed until now. 
>>The problem is fixed, new certificates will replace the x with the proper 
>>letter.

>>>Given that every EV certificate you issued had this error, and you have 
>>>been issuing EV certificates since at least 2013 (from your old root), 
>>>how was this error not detected by the self-audit you are required to 
>>>perform of 'a randomly selected sample of at least three percent of the 
>>>EV Certificates'?


This text has not been permitted since EV Guidelines version 1.3, published in 2010.

Please read the "Guidelines For The Issuance And Management Of Extended 
Validation Certificates" (https://cabforum.org/wp-content/uploads/EV-V1_5_7.pdf)

Section 9.2.4:
Certificate field: subject:businessCategory (OID: 2.5.4.15)
Required/Optional: Required
Contents: This field MUST contain one of the following strings: "Private 
Organization", "Government Entity", "Business Entity", or "Non-Commercial 
Entity" depending upon whether the Subject qualifies under the terms of Section 
8.5.2, 8.5.3, 8.5.4 or 8.5.5 of these Guidelines, respectively.

Best,
J
_______________________________________________
dev-security-policy mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-security-policy
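
Added example, not part of the original message or of any CA's tooling: a lint that walks a DER-encoded subject Name and checks businessCategory (OID 2.5.4.15) against the four strings quoted from Section 9.2.4. The function names, the sample organization and the clause-style value are constructed for illustration.

```python
ALLOWED = {"Private Organization", "Government Entity",   # EV Guidelines 9.2.4
           "Business Entity", "Non-Commercial Entity"}
BUSINESS_CATEGORY = bytes.fromhex("55040f")   # DER content bytes of OID 2.5.4.15

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                  # long form: low 7 bits = count of length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def children(body):                    # yield (tag, value) for each element in body
    pos = 0
    while pos < len(body):
        tag, value, pos = read_tlv(body, pos)
        yield tag, value

def business_categories(name_der):
    """Return every businessCategory value in a DER-encoded X.501 Name."""
    _, rdns, _ = read_tlv(name_der, 0)             # outer SEQUENCE of RDNs
    found = []
    for _, rdn in children(rdns):                  # RelativeDistinguishedName (SET)
        for _, atv in children(rdn):               # AttributeTypeAndValue (SEQUENCE)
            (_, oid), (_, value) = children(atv)
            if oid == BUSINESS_CATEGORY:
                found.append(value.decode("utf-8"))  # assumes UTF8String/PrintableString
    return found

def lint_business_category(name_der):
    """Return findings; an empty list means the field conforms to 9.2.4."""
    values = business_categories(name_der)
    if not values:
        return ["businessCategory is absent but Required"]
    return [f"businessCategory {v!r} is not a permitted string"
            for v in values if v not in ALLOWED]

def sample_name(attrs):                # constructed test input, short-form lengths only
    der = lambda tag, body: bytes([tag, len(body)]) + body
    return der(0x30, b"".join(
        der(0x31, der(0x30, der(0x06, oid) + der(0x0C, text.encode())))
        for oid, text in attrs))

ORG = bytes.fromhex("55040a")          # OID 2.5.4.10, organizationName
GOOD = sample_name([(BUSINESS_CATEGORY, "Private Organization"), (ORG, "Example Ltd")])
LEGACY = sample_name([(BUSINESS_CATEGORY, "V1.0, Clause 5.(x)"), (ORG, "Example Ltd")])
```

The comparison is exact and case-sensitive, so a check like this run at issuance or over the self-audit sample would flag a clause-style value on the first certificate it saw.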