On Wed, Nov 9, 2016 at 1:58 AM, Gervase Markham <[email protected]> wrote: > So, it is now possible to change Firefox to mandate the presence of > id-kp-serverAuth for EE server certs from Mozilla-trusted roots? Or is > there some reason I've missed we can't do that?
Here are some certs that appear to be for server authentication but don't have that EKU: https://crt.sh/?id=10621190 https://crt.sh/?id=32333854 https://crt.sh/?id=10621157 https://crt.sh/?id=12283906 https://crt.sh/?id=12797412 _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
