On Wed, Apr 12, 2017 at 5:57 AM, Ryan Sleevi via dev-security-policy
<[email protected]> wrote:
>
> A certificate hash does provide distinct value.
>
> The certificate hash is what is desired. Yes, there could be multiple
> certificates. But within the context of the scope of an audit and a
> 'logical' CA, the auditor can and should be clear about what physical
> certificates corresponded to the logical operations of that CA.

What portions of the certificate(s) naming that CA as the subject will
impact the audit?

As I see it, the only certificates that are relevant to the audit are
those that have the CA as the issuer.  It really doesn't matter who
cross-signs the CA.

Thanks,
Peter
_______________________________________________
dev-security-policy mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-security-policy
