On Tue, Jan 24, 2017 at 8:05 AM, Gervase Markham <[email protected]> wrote: > On 24/01/17 15:48, Peter Bowen wrote: >> I think it would be completely reasonable for Mozilla to require a >> commonName in an update to the policy. I thought it was there, but a >> CA pushed back on a cablint error about not having one a while ago and >> I wasn't able to find any proof it was required by any existing >> program policy. > > So, require commonName for all non-EE certificates?
Yes. All certificates with basicConstraints:cA having a true value must have a commonName type attribute in the subject (and only one attribute of the type commonName, to preempt end another discussion). _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
