CAs,
Version 2.5 of the Mozilla Root Store Policy classifies
EKU=emailProtection intermediates as unconstrained when suitable name
constraints aren't present. As a result, such intermediates need to be
disclosed to the CCADB (although not until 15th January 2018 for those
intermediates issued before 22nd June 2017).
I've updated https://crt.sh/mozilla-disclosures to implement the new
disclosure rules.
P.S. Note that the CCADB's definition of technically constrained hasn't
yet been similarly updated, so you may still see this warning:
"This certificate is considered to be technically-constrained as per
Mozilla policy, so it does not need to be added to the CA Community in
Salesforce. All data that you enter into Salesforce will be publicly
available, so please make sure you do not enter sensitive information
that should not be published."
--
Rob Stradling
Senior Research & Development Scientist
COMODO - Creating Trust Online
_______________________________________________
dev-security-policy mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-security-policy
