Jakob, On Thu, Nov 12, 2020 at 10:39 AM Jakob Bohm via dev-security-policy < dev-security-policy@lists.mozilla.org> wrote:
> > How would that phrasing cover doppelgangers of intermediary SubCAs under > an included root CA? > > > To clarify, the title of section 5.3 is "Intermediate Certificates". Also, both subsection (1) and (2) under the proposed amendment reference "intermediate certificates" - "(1) ...the Subject Distinguished Name in a CA certificate or *intermediate certificate* that is in scope according to section 1.1 of this Policy" and "(2)... corresponding Public Key is encoded in the SubjectPublicKeyInfo of that CA certificate or *intermediate certificate*." And finally, additional language would try and make this clear by saying, "Thus, these requirements also apply to so-called reissued/doppelganger CA certificates (roots *and intermediates*) and to cross-certificates." I hope this answers your question. Sincerely, Ben _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy