On Thu, Mar 8, 2018 at 10:57 AM, YairE via dev-security-policy < dev-security-policy@lists.mozilla.org> wrote:
> Hi everyone, > > I tried to dive into the best certificate structure and there are two > things that bother me: > > In both the CA\B F BR and the EV guidelines it clearly states that the > SubjectCN is deprecated, so I learn from that that the best subscriber > certificate structure would simply not include this field > I did a small survey and I couldn’t find not even one certificate without > the SubjectCN - so my question is: > should we issue certificates without this field? why doesn’t any other CA > has removed this field? > See https://cabforum.org/pipermail/public/2017-October/012321.html > > In addition - the CertificatePolicies extension: > It says in the BR and the EV guidelines that this extension MUST appear at > a subscriber certificate > yet I failed to find this extension in any EV certificate I checked... > Can you provide an example? Every single EV cert I've ever seen has included this. _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy