The updated 2.6.1 version of the Mozilla Root Store policy resulting from this discussion is now published: https://www.mozilla.org/en-US/about/governance/policies/security-group/certs/policy/
- Wayne On Mon, Aug 6, 2018 at 3:28 PM Wayne Thayer <[email protected]> wrote: > Having received no comments on this proposal, I plan to go ahead and > publish version 2.6.1 of the Mozilla Root Store Policy with the third > paragraph of section 5.3 clarified as follows: > > Intermediate certificates created after January 1, 2019, with the > exception of cross-certificates that share a private key with a > corresponding root certificate: > * MUST contain an EKU extension; and, > * MUST NOT include the anyExtendedKeyUsage KeyPurposeId; and, > * MUST NOT include both the id-kp-serverAuth and id-kp-emailProtection > KeyPurposeIds in the same certificate. > > - Wayne > >> >> _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
