On 17/05/16 00:40, Kathleen Wilson wrote:
> So, old intermediate certs like that should not be marked technically
> constrained. New intermediate certs that have the SGC EKU and not
> id-kp-serverAuthentication will not validate in Firefox 49 or later,
> so those may be treated as technically constrained.

But I can't for the life of me think of any reason a CA should be creating such certs anyway...

Gerv

