On Friday, 11 November 2016 19:51:28 UTC, Peter Bowen wrote: > EV is really hard to pin down. I purposefully avoided any discussion > of Certificate Policy and Policy Mappings extensions, as there is > little consistency in how they are handled in WebPKI. I could add a > clause that inclusion of 2.23.140.1.1 in a Certificate Policy > extension in an End-Entity certificate requires Extended Validation of > the subject, but that alone would skip many EV certs that should be in > scope.
Isn't it the case that Microsoft's root store policy demands 2.23.140.1.1 under their ongoing rule 4.A.15 ? I had sort-of assumed Mozilla would eventually take the same stance. _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
