Dear Mozilla team,

I have a clarification that I need to discuss with you, please.

We have a 2-level CA hierarchy where the Root CA sits at the top level while Issuing CAs come at the second level. As part of the regular issuing CA re-key, we are going to add technical constraints to all issuing CAs in order to have separate Issuer CAs for Server Authentication, Code Signing, and Time Stamping uses. That will be reflected in the Issuing CAs' certificates as follows:

Issuing CA                              EKU
Devices Certification Authority         serverAuth, clientAuth
Corporate Certification Authority       clientAuth, Microsoft Document Signing (1.3.6.1.4.1.311.10.3.12)
Code Signing Certification Authority    codeSigning
Timestamping Certification Authority    timeStamping

According to our reading of Mozilla policy section 1.1, and given the above constraints, we assume that the Corporate Certification Authority and its underlying certificates (EE certificates) don't fall under Mozilla's scope. Could you please confirm?

Kindly note that the rationale behind our question is that there are cases where we will not be able to have an EKU in EE certificates issued by the Corporate Certification Authority when the purpose/use of the certificate does not match any of the standard EKUs.

Thank you in advance.

Kind Regards,
Mohamed Abdelshahid
Principal PKI Consultant
