Re: EKU in Google sub CAs in violation of RFC5280?

2017-03-27 Thread Ryan Sleevi via dev-security-policy
On Mon, Mar 27, 2017 at 9:45 AM, tpg0007--- via dev-security-policy <dev-security-policy@lists.mozilla.org> wrote:

> On https://pki.goog, all 5 of Google's newer subCAs have Extended Key
> Usage extension of serverAuth and clientAuth, unusual for CAs but not
> forbidden I guess. Their Key Usage e

EKU in Google sub CAs in violation of RFC5280?

2017-03-27 Thread tpg0007--- via dev-security-policy
On https://pki.goog, all 5 of Google's newer subCAs have Extended Key Usage extension of serverAuth and clientAuth, unusual for CAs but not forbidden I guess. Their Key Usage extension contains the expected cert and CRL sign bits. Put together though they appear to be noncompliant with RFC 5280