Hi Nick,

Good question. Mozilla is currently strongly encouraging CAs to use the CAB Forum EV OID, but not requiring it. I would be interested to hear arguments for or against requiring the use of the CAB Forum EV OID in future Mozilla root store updates. Requiring this might eventually solve some of the problems we're seeing when roots are acquired or cross-signed [1].

To be clear, at this time I'm only thinking about new inclusions or EV enablement, not changing OIDs for existing EV capable roots.

- Wayne

[1] https://bugzilla.mozilla.org/show_bug.cgi?id=1486838

On Thu, Sep 20, 2018 at 1:49 AM Nick Lamb via dev-security-policy <[email protected]> wrote:

> On Tue, 18 Sep 2018 17:53:34 -0700
> Wayne Thayer via dev-security-policy
> <[email protected]> wrote:
>
> > ** EV Policy OID: 2.23.140.1.1
>
> This reminds me of a question I keep meaning to ask. I know Microsoft
> has been trying to get CAs to use 2.23.140.1.1 for EV and knock it off
> with the arbitrary policy OIDs, does Mozilla have any policy on that?
>
> _______________________________________________
> dev-security-policy mailing list
> [email protected]
> https://lists.mozilla.org/listinfo/dev-security-policy

