On 21/11/16 19:01, Brian Smith wrote: > In another message in this thread, I suggested one way to mark intermediate > certificates as meeting the criteria of an name-constrained > externally-operated sub-CA that uses certificate policy OIDs. That proposed > mechanism also ensures externally-operated sub-CAs comply with Mozilla's > technical requirements (e.g. SHA-1 deprecation and future deprecations or > transisitions).
I confess I didn't follow all the details of that proposal, or its ramifications; could you write it up in a document or wiki page somewhere, where it can be commented on, expanded and updated as questions and clarifications arise? Gerv _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
