On 08/12/16 20:46, Gervase Markham wrote: > We want to change the policy to make it clear that whether a cert is > covered by our policy or not is dependent on whether it is technically > capable of issuing server certs, not whether it is intended by the CA > for issuing server certs. > > Until we change Firefox to require id-kp-serverAuth, the policy will > define "capable" as "id-kp-serverAuth or no EKU". > > This involves a number of wording tweaks; the full set of changes are here: > https://github.com/mozilla/pkipolicy/compare/issue-27
Resolution: latest version of this branch merged. Thanks to everyone for helping improve the wording; I think what we have now will suffice. Gerv _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
