On Fri, Jul 5, 2019 at 8:04 PM Jeremy Rowley via dev-security-policy <dev-security-policy@lists.mozilla.org> wrote:
> I think my biggest concern is that there hasn't actually been any proof that
> this would mislead relying parties. You'd actually have to have Mozilla do
> something with it first.
I think my biggest concern is that there hasn't actually been any proof that this
would mislead relying parties. You'd actually have to have Mozilla do something
with it first. The general badness can apply to any extension in a cert. No
actual risk has been pointed out other than a CA may put
Based on this discussion, I propose adding the following statement to the
Mozilla Forbidden Practices wiki page [1]:
** Logotype Extension **
Due to the risk of misleading Relying Parties and the lack of defined
validation standards for information contained in this field, as discussed
here [2],
1. How your CA first became aware of the problem (e.g. via a problem report
submitted to your Problem Reporting Mechanism, a discussion in
mozilla.dev.security.policy, a Bugzilla bug, or internal self-audit), and the
time and date.
2019-07-05, 04:29 UTC: Internal quality assurance noticed the