I don't think it's a cross-EKU situation, though, but I'm glad we're in agreement.
An email server certificate is an id-kp-serverAuth EKU. That's already covered by another WG On Thu, May 17, 2018 at 7:49 PM, Tim Hollebeek via Public < [email protected]> wrote: > My personal opinion is that cross-EKU chimeras should not exist. I > realize they’re extremely common in the industry, but they’re bad. > > > > DigiCert has had a long and vigorous internal discussion about the correct > number of EKUs in a certificate. I’m a strong proponent of the “exactly > one” position, but other people have differing opinions. > > > > I see Ryan agreeing; I think we should do whatever we can to make sure the > Working Groups have disjoint and clearly defined scopes. > > > > -Tim > > > > *From:* Moudrick M. Dadashov [mailto:[email protected]] > *Sent:* Thursday, May 17, 2018 7:30 PM > *To:* Tim Hollebeek <[email protected]>; CA/Browser Forum Public > Discussion List <[email protected]> > *Subject:* Re: [cabfpub] For Discussion: S/MIME Working Group Charter > > > > Email server certificates not included? > > Thanks, > M.D. > > On 5/18/2018 1:49 AM, Tim Hollebeek via Public wrote: > > Oops, missed a spot: > > > > 1. To specify S/MIME Baseline Requirements, Extended Validation > Guidelines, Network and Certificate System Security Requirements, and other > acceptable practices for the issuance and management of S/MIME certificates > used to sign and encrypt emails. > > > > > > > _______________________________________________ > > Public mailing list > > [email protected] > > https://cabforum.org/mailman/listinfo/public > > > > _______________________________________________ > Public mailing list > [email protected] > https://cabforum.org/mailman/listinfo/public > >
_______________________________________________ Public mailing list [email protected] https://cabforum.org/mailman/listinfo/public
