On Sat, Jul 11, 2020 at 1:18 PM Oscar Conesa via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
> f) For CAs that DO have sole control of the keys: There is no reason to
> doubt the CA's ability to continue to maintain the security of these
> keys, so the CA could reuse the ke
2020-07-11 13:17 GMT-04:00 Oscar Conesa via dev-security-policy
:
> f) For CAs that DO have sole control of the keys: There is no reason to
> doubt the CA's ability to continue to maintain the security of these
> keys, so the CA could reuse the keys by reissuing the certificate with
> the same
As a summary of the situation, we consider that:
a) Affected certificates do not comply with the norm (EKU OCSPSigning
without OCSP-no-check extension). They are misissued and they must be
revoked
b) This non-compliance issue has potential security risks in case of key
compromise and/or mali
3 matches
Mail list logo