Re: MRSP Issue #147 - Require EV audits for certificates capable of issuing EV certificates

2021-01-24 Thread Ben Wilson via dev-security-policy
In addition to the original proposal, I propose that we hyperlink "capable of issuing EV certificates" to https://wiki.mozilla.org/CA/EV_Processing_for_CAs#EV_TLS_Capable. On Thu, Nov 12, 2020 at 11:23 AM Ben Wilson wrote: > > On Thu, Nov 12, 2020 at 2:03 AM Dimitris Zacharopoulos via > dev-secu

Policy 2.7.1: MRSP Issue #147 - Require EV audits for certificates capable of issuing EV certificates

2021-01-21 Thread Ben Wilson via dev-security-policy
I've updated the subject line for this thread so that it is consistent with the other issues. Also, as an update to what we are considering to address this issue, we are looking at pointing to existing language here: https://wiki.mozilla.org/CA/EV_Processing_for_CAs#EV_TLS_Capable. On Thu, Nov 12

Re: MRSP Issue #147 - Require EV audits for certificates capable of issuing EV certificates

2020-11-12 Thread Ben Wilson via dev-security-policy
On Thu, Nov 12, 2020 at 2:03 AM Dimitris Zacharopoulos via dev-security-policy wrote: > I see that this is related to > https://github.com/mozilla/pkipolicy/issues/152, so I guess Mozilla > Firefox does not enable "EV Treatment" if an Intermediate CA Certificate > does not assert the anyPolicy or

Re: MRSP Issue #147 - Require EV audits for certificates capable of issuing EV certificates

2020-11-12 Thread Dimitris Zacharopoulos via dev-security-policy
On 12/11/2020 10:41 π.μ., Dimitris Zacharopoulos via dev-security-policy wrote: Finally, I would like to highlight that policy OID chaining is not currently supported in the webPKI by Browsers, so even if a CA adds a particular non-EV policyOID in an Intermediate CA Certificate, this SubCA woul

Re: MRSP Issue #147 - Require EV audits for certificates capable of issuing EV certificates

2020-11-12 Thread Dimitris Zacharopoulos via dev-security-policy
On 6/10/2020 11:38 μ.μ., Ben Wilson via dev-security-policy wrote: #147 - Require EV audits for certificates capable of issuing EV certificates – Clarify that EV audits are required for all intermediate certificates that are technically capable

AW: MRSP Issue #147 - Require EV audits for certificates capable of issuing EV certificates

2020-11-11 Thread Wiedenhorst, Matthias via dev-security-policy
) argue that "C" has not been issuing EV certs and hence no EV audits were necessary for that period. Best regards Matthias > -Ursprüngliche Nachricht- > Von: dev-security-policy Im > Auftrag von Ben Wilson via dev-security-policy > Gesendet: Dienstag, 6. Oktobe

MRSP Issue #147 - Require EV audits for certificates capable of issuing EV certificates

2020-10-06 Thread Ben Wilson via dev-security-policy
#147 - Require EV audits for certificates capable of issuing EV certificates – Clarify that EV audits are required for all intermediate certificates that are technically capable of issuing EV certificates, even when not currently issuing EV certifi