Should it say "final certificate" in this bullet? On Thu, Apr 21, 2022 at 11:15 AM Jacob Hoffman-Andrews <[email protected]> wrote:
> On Wed, Apr 20, 2022 at 6:19 AM Andrew Ayer <[email protected]> wrote: > >> As I understand it, the goal of this bullet point is not to add an >> exception to misissuance, but to make sure that there is zero ambiguity >> that incidents like the following are misissuances: >> >> https://bugzilla.mozilla.org/show_bug.cgi?id=1677737 > > > This is useful context, thanks. FWIW, I don't think the current wording > achieves that goal, since it is still quite hard to parse, even for someone > who understands the requirements and how they interact. > > Here's another take: > > - "It is mississuance to issue a certificate based on a precertificate if > they do not exactly match each other according to RFC 6962 section 3.1. A > certificate is 'based on' a precertificate if they have the same serial and > issuer, or they have the same serial and the certificate's issuer matches > the precertificate's issuer's issuer." > -- You received this message because you are subscribed to the Google Groups "[email protected]" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/CA%2B1gtaYj9X0bTEO2iUgg-RE9r7et5DZ4ooJmRGV4R4pw3B4wjg%40mail.gmail.com.
