在 2016年10月30日星期日 UTC+8下午10:26:57,[email protected]写道: > 1, It’s not true. CFCA's RSA root that included in Mozilla is not able to > issue sm2 certificate with sm3 hash. CFCA do have sm2 root that issue sm2 > certificate but that root is not included in Mozilla or any other root store > such as Apple, Microsoft or Google. And our CPS never indicate that our RSA > root is able to issue sm2 certificate. It is impossible. > 2, The signing key and encrypting key issue is a standard relate to > Chinese double certificate, which is different from ssl, codesigning and > email certificate. CFCA's root that included in Mozilla, Google and Apple is > never able to issue this kind of certificate. > 3, CFCA OV certificate have a longest valid period of 3 years. EV > certificate have a longest valid of 2 years. There is no root of CFCA that > included in Mozilla, Google and Apple can issue 5 year long certificate. > Please note that the sub root that use to be able to issue 5 year long > certificate is the GT root, which is a sha1 root that we already turned off. > This root issue 0 certificate after 2016 Jan 1, and this root is never > included in Mozilla, Apple and Google.
So why I didn't see these statements in the CPS or in the website? _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
