On Mon, Jul 31, 2017 at 7:17 AM, Jakob Bohm via dev-security-policy
<dev-security-policy@lists.mozilla.org> wrote:
> On 31/07/2017 16:06, Gervase Markham wrote:
>> On 31/07/17 15:00, Jakob Bohm wrote:
>>> - Due to current Mozilla implementation bugs,
>> Reference, please?
> I am referring to the fact that EV-trust is currently assigned to roots,
> not to SubCAs, at least as far as visible root store descriptions go.
> Since I know of no standard way for a SubCA certificate to state if it
> intended for EV certs or not, that would cause EV-trust to percolate
> into SubCAs that were never intended for this purpose by the root CA.

This is common to every EV implementation I know about, not just
Mozilla.  Therefore I would not call this a bug.

dev-security-policy mailing list

Reply via email to