I went ahead and added this change to the 2.7 branch:
https://github.com/mozilla/pkipolicy/commit/1e7f4edb97c4497e2e04442797ebc670e9d80b44
I removed the phrase "In addition to existing rules placed on the structure
of CPs and CPSes that comply with the CA/Browser Forum Baseline
Requirements" becau
My conclusion from this discussion is that we should not add an explicit
requirement for EKUs in end-entity certificates. I've closed the issue.
- Wayne
On Tue, Apr 16, 2019 at 9:56 AM Ryan Sleevi via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
> On Tue, Apr 16, 2019 at 1
On Fri, Mar 29, 2019 at 11:59 AM Wayne Thayer wrote:
> On Thu, Mar 28, 2019 at 5:29 PM Ryan Sleevi wrote:
>
>>
>> On Thu, Mar 28, 2019 at 7:42 PM Wayne Thayer wrote:
>>
>>> On Thu, Mar 28, 2019 at 4:11 PM Ryan Sleevi wrote:
>>>
On Thu, Mar 28, 2019 at 6:45 PM Wayne Thayer via dev-security
Mozilla has decided that there is sufficient concern [1] about the
activities and operations of the CA Certinomis to collect together a list
of issues. That list can be found here:
https://wiki.mozilla.org/CA/Certinomis_Issues
Note that this list may expand or contract over time as issues are
inve
On Tue, Apr 16, 2019 at 12:41 PM Jakob Bohm via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
> On 16/04/2019 08:56, Tadahiko Ito wrote:
> > On Tuesday, April 2, 2019 at 9:36:06 AM UTC+9, Brian Smith wrote:
> >
> >> I agree the requirements are already clear. The problem is n
On 16/04/2019 08:56, Tadahiko Ito wrote:
On Tuesday, April 2, 2019 at 9:36:06 AM UTC+9, Brian Smith wrote:
I agree the requirements are already clear. The problem is not the clarity
of the requirements. Anybody can define a new EKU because EKUs are listed
in the certificate by OIDs, and anybody
On Tuesday, April 2, 2019 at 9:36:06 AM UTC+9, Brian Smith wrote:
> I agree the requirements are already clear. The problem is not the clarity
> of the requirements. Anybody can define a new EKU because EKUs are listed
> in the certificate by OIDs, and anybody can make up an EKU. A standard
> isn'
7 matches
Mail list logo