On 14/03/2019 01:09, Peter Gutmann via dev-security-policy wrote: <snip> > I'd already asked previously whether any CA wanted to indicate publicly that > they were compliant with BR 7.1, which zero CAs responded to (I counted them > twice).
Peter, Mozilla Root Store Policy section 2.3 [1] requires CAs to conform to the latest version of the Baseline Requirements. So ISTM that until or unless a CA publicly states that they are non-compliant with BR 7.1, we should act as if that CA has publicly stated that they are compliant with BR 7.1. FWIW though, you can find a public statement from Sectigo at [2]. [1] https://www.mozilla.org/en-US/about/governance/policies/security-group/certs/policy/#23-baseline-requirements-conformance [2] https://sectigo.com/blog/all-sectigo-public-certificates-meet-64-bit-serial-number-requirements -- Rob Stradling Senior Research & Development Scientist Sectigo Limited _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
