On Mon, Jul 31, 2017 at 7:17 AM, Jakob Bohm via dev-security-policy <firstname.lastname@example.org> wrote: > On 31/07/2017 16:06, Gervase Markham wrote: >> >> On 31/07/17 15:00, Jakob Bohm wrote: >>> >>> - Due to current Mozilla implementation bugs, >> >> >> Reference, please? >> > > I am referring to the fact that EV-trust is currently assigned to roots, > not to SubCAs, at least as far as visible root store descriptions go. > > Since I know of no standard way for a SubCA certificate to state if it > intended for EV certs or not, that would cause EV-trust to percolate > into SubCAs that were never intended for this purpose by the root CA.
This is common to every EV implementation I know about, not just Mozilla. Therefore I would not call this a bug. Thanks, Peter _______________________________________________ dev-security-policy mailing list email@example.com https://lists.mozilla.org/listinfo/dev-security-policy