On 17/05/16 07:09, Miskovic Peter wrote:
Hi Rob,
there are two intermediate certification authorities on your missing list (CA
Disig I2 Certification Service and CA Disig I1 Certification Service) which are
no more capable to issue a new SSL certificate and which are no more directly
chain to a certificate included in Mozilla's CA Certificate Program.
According to the Mozilla CA Certificate Inclusion Policy (Version 2.2):
"All certificates that are capable of being used to issue new certificates, and
which directly or transitively chain to a certificate included in Mozilla's CA
Certificate Program, MUST be operated in accordance with Mozilla's CA Certificate Policy
and MUST either be technically constrained or be publicly disclosed and audited."
The root for that intermediates (CA Disig) was removed from Mozilla's CA
Certificate Program (see https://bugzilla.mozilla.org/show_bug.cgi?id=1247711)
due the expiration.
Peter, thanks for pointing that out.
--
Rob Stradling
Senior Research & Development Scientist
COMODO - Creating Trust Online
_______________________________________________
dev-security-policy mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-security-policy
