On 18/11/16 14:16, Doug Beattie wrote: > Gerv, > > Are you specifically concerned about the id-kp-emailProtection and > what needs to be combined with that, or is the issue what's the total > set of EKUs that might be needed? In other words, do you care less > if a CA has all of the below except id-kp-emailProtection?
Well, it doesn't sound very sensible to me, but I'm not sure why Mozilla's policy would care :-) > By the way, we have the same challenge with our SSL CAs - there's a > set of EKUs we'd like to include in SSL certs to support Domain > Controllers and VPN servers. Are we still talking about SHA-1 issuance here? I don't think Mozilla has EKU restrictions for non-SHA-1 issuance... Gerv _______________________________________________ Public mailing list [email protected] https://cabforum.org/mailman/listinfo/public
