EmailProtection should be a lower class citizen. It's not heavily used by
Mozilla and doesn't have the same risk to the community of misuse. There
also aren't very stringent requirements surrounding the operation of
emailprotection intermediates and certificates. There simply aren't
applicable guidelines, meaning disclosure won't necessarily provide very
much information about how the intermediate is operated.

-----Original Message-----
From: dev-security-policy
[mailto:dev-security-policy-bounces+jeremy.rowley=digicert.com@lists.mozilla.org]
On Behalf Of Peter Bowen
Sent: Wednesday, April 13, 2016 7:33 PM
To: Kathleen Wilson
Cc: [email protected]
Subject: Re: Which intermediate certs to add to CA Community in Salesforce

On Wed, Apr 13, 2016 at 2:26 PM, Kathleen Wilson <[email protected]>
wrote:
> All,
>
> I added the following to
> https://wiki.mozilla.org/CA:SalesforceCommunity#Which_intermediate_certificate_data_should_CAs_add_to_Salesforce.3F
> ~~
> Intermediate certificates are considered to be technically constrained,
> and do not need to be added to the CA Community in Salesforce if:
> - The certificate has the Extended Key Usage (EKU) extension and the 
> EKU does not include any of these KeyPurposeIds: anyExtendedKeyUsage, 
> id-kp-serverAuth
> - The root certificate is not enabled with the Websites trust bit ~~
>
> This means that CAs do not need to add intermediate certificates that have
> an EKU that only includes KeyPurposeIds id-kp-emailProtection or
> id-kp-codeSigning.
>
> Does anyone see any problems with this?

I thought the Mozilla decision was to drop code signing but keep
emailProtection. This seems to make emailProtection a second class citizen.

Thanks,
Peter
_______________________________________________
dev-security-policy mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-security-policy
