On 12/04/17 10:47, Gervase Markham wrote: > We don't have any "Email BRs" to refer to, but I think we want something > like this: > > "If the certificate includes the id-kp-emailProtection extended key > usage, it MUST include the Name Constraints X.509v3 extension with > constraints on rfc822Name, with at least one name in permittedSubtrees."
Adopted as proposed. Gerv _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
