My personal opinion is that cross-EKU chimeras should not exist.  I realize 
they’re extremely common in the industry, but they’re bad.


DigiCert has had a long and vigorous internal discussion about the correct 
number of EKUs in a certificate.  I’m a strong proponent of the “exactly one” 
position, but other people have differing opinions.


I see Ryan agreeing; I think we should do whatever we can to make sure the 
Working Groups have disjoint and clearly defined scopes.




From: Moudrick M. Dadashov [] 
Sent: Thursday, May 17, 2018 7:30 PM
To: Tim Hollebeek <>; CA/Browser Forum Public 
Discussion List <>
Subject: Re: [cabfpub] For Discussion: S/MIME Working Group Charter


Email server certificates not included?


On 5/18/2018 1:49 AM, Tim Hollebeek via Public wrote:

Oops, missed a spot:


1. To specify S/MIME Baseline Requirements, Extended Validation Guidelines, 
Network and Certificate System Security Requirements, and other acceptable 
practices for the issuance and management of S/MIME certificates used to sign 
and encrypt emails.


Public mailing list <>


Attachment: smime.p7s
Description: S/MIME cryptographic signature

Public mailing list

Reply via email to