On Wed, Apr 13, 2016 at 2:26 PM, Kathleen Wilson <kwil...@mozilla.com> wrote: > All, > > I added the following to > https://wiki.mozilla.org/CA:SalesforceCommunity#Which_intermediate_certificate_data_should_CAs_add_to_Salesforce.3F > ~~ > Intermediate certificates are considered to be technically constrained, and > do not need to be added to the CA Community in Salesforce if: > - The certificate has the Extended Key Usage (EKU) extension and the EKU does > not include any of these KeyPurposeIds: anyExtendedKeyUsage, id-kp-serverAuth > - The root certificate is not enabled with the Websites trust bit > ~~ > > This means that CAs do not need to add intermediate certificates that have an > EKU that only includes KeyPurposeIds id-kp-emailProtection or > id-kp-codeSigning. > > Does anyone see any problems with this?
I thought the Mozilla decision was to drop code signing but keep emailProtection. This seems to make emailProtection a second class citizen. Thanks, Peter _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy