On Thu, Feb 06, 2020 at 08:54:04PM +0000, Doug Beattie via dev-security-policy wrote:
> It's not against Mozilla policy to
> issue certificates with unvalidated email addresses in any field as long as
> the Secure Mail EKU is not included, so the intent should be to validate
> only those that are used for Secure Mail.

Any field in the certificate should be validated. If it contains an email address, it should be validated. If it's not validated, it should get removed.

Kurt