Thanks, everyone, for your quick response. I have updated the following to indicate that section 7.1.4.2 of the BRs only applies to end-entity certs.
https://bugzilla.mozilla.org/show_bug.cgi?id=1099311#c19 https://github.com/kroeckx/x509lint/issues/18 https://wiki.mozilla.org/CA:TestErrors#CA.2FBrowser_Forum_Baseline_Requirements_Errors Gerv, I'm assuming that you will handle the policy (or BR?) update regarding the requirement for subject commonName to be present when basicConstraints:cA is true. I filed a request to add this check to the x509lint tool: https://github.com/kroeckx/x509lint/issues/19 Thanks, Kathleen _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
