On 31/07/2017 16:06, Gervase Markham wrote:
On 31/07/17 15:00, Jakob Bohm wrote:
It was previously stated in this newsgroup that non-SSLServer trust
would not be terminated, at least for now.

It was? Reference, please?

That was my general impression, I don't have a good way to search the
list for this.  I was just trying to be helpful.

- Due to current Mozilla implementation bugs,

Reference, please?

I am referring to the fact that EV-trust is currently assigned to roots,
not to SubCAs, at least as far as visible root store descriptions go.

Since I know of no standard way for a SubCA certificate to state if it
intended for EV certs or not, that would cause EV-trust to percolate
into SubCAs that were never intended for this purpose by the root CA.


Jakob Bohm, CIO, Partner, WiseMo A/S.  https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark.  Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
dev-security-policy mailing list

Reply via email to