On 09/11/16 10:43, Kurt Roeckx wrote: > On 2016-11-09 10:58, Gervase Markham wrote: >> At the moment, Firefox recognises an EE cert as a server cert if it has >> an EKU extension with id-kp-serverAuth, or if it has no EKU at all. > > So not when the anyExtendedKeyUsage is present?
No. I believe we discovered we don't support that. >> Since the very first version of the BRs[1], EKU and id-kp-serverAuth >> has been mandatory for EE server certificates. > > I can't actually find this anymore in the current BRs. Section 7.1.2.3. Gerv _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
