On Wed, Apr 20, 2022 at 6:19 AM Andrew Ayer <[email protected]> wrote:

> As I understand it, the goal of this bullet point is not to add an
> exception to misissuance, but to make sure that there is zero ambiguity
> that incidents like the following are misissuances:
>
> https://bugzilla.mozilla.org/show_bug.cgi?id=1677737


This is useful context, thanks. FWIW, I don't think the current wording
achieves that goal, since it is still quite hard to parse, even for someone
who understands the requirements and how they interact.

Here's another take:

 - "It is misissuance to issue a certificate based on a precertificate if
they do not exactly match each other according to RFC 6962 section 3.1. A
certificate is 'based on' a precertificate if they have the same serial and
issuer, or they have the same serial and the certificate's issuer matches
the precertificate's issuer's issuer."
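
The "based on" relation in the wording proposed above, applied to constructed records; this is an added example, not part of the original message and not any CA's or Mozilla's tooling. The `Entry` type, the `issuer_of` map and the `tbs_digest` field are assumptions, and `tbs_digest` only stands in for the RFC 6962 section 3.1 comparison, which this example does not implement.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Entry:
    serial: int
    issuer: str        # issuer DN of this certificate or precertificate
    tbs_digest: str    # assumption: stand-in for the RFC 6962 section 3.1 comparison
    is_precert: bool = False

def based_on(cert, precert, issuer_of):
    """Return how `cert` is 'based on' `precert` under the proposed wording, or None.

    issuer_of maps a CA's subject DN to the issuer DN of that CA's certificate.
    """
    if cert.is_precert or not precert.is_precert:
        return None
    if cert.serial != precert.serial:
        return None
    if cert.issuer == precert.issuer:
        return "same-issuer"
    # Precertificate signed by a Precertificate Signing Certificate: the final
    # certificate's issuer is the issuer of the precertificate's issuer.
    if cert.issuer == issuer_of.get(precert.issuer):
        return "issuer-of-precert-issuer"
    return None

def find_mismatches(certs, precerts, issuer_of):
    """List (serial, relation) for certificates that are based on a
    precertificate but do not match it."""
    return [(c.serial, rel)
            for c in certs for p in precerts
            if (rel := based_on(c, p, issuer_of)) and c.tbs_digest != p.tbs_digest]

# Constructed sample data; all names and digests are made up.
CA, PRE_CA = "CN=Example Issuing CA", "CN=Example Precert Signing CA"
ISSUER_OF = {PRE_CA: CA, CA: "CN=Example Root"}
PRECERTS = [Entry(0x1001, CA, "aa", True), Entry(0x1002, PRE_CA, "bb", True),
            Entry(0x1003, CA, "cc", True)]
CERTS = [Entry(0x1001, CA, "aa"),             # based on, matches
         Entry(0x1002, CA, "b0"),             # based on via signing CA, differs
         Entry(0x1003, "CN=Other CA", "zz")]  # same serial, unrelated issuer

if __name__ == "__main__":
    print(find_mismatches(CERTS, PRECERTS, ISSUER_OF))
```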
