Unless additional feedback is posted, I will include this change as
originally proposed in version 2.7 of our policy.
- Wayne
On Fri, Mar 29, 2019 at 11:23 AM Wayne Thayer wrote:
> On Fri, Mar 29, 2019 at 4:32 AM Jakob Bohm via dev-security-policy <
> dev-security-policy@lists.mozilla.org>
On Fri, Mar 29, 2019 at 4:32 AM Jakob Bohm via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
> On 28/03/2019 21:52, Wayne Thayer wrote:
> > Our current Root Store policy assigns two different meanings to the term
> > "technically constrained":
> > * in sections 1.1 and 3.1,
On 28/03/2019 21:52, Wayne Thayer wrote:
> Our current Root Store policy assigns two different meanings to the term
> "technically constrained":
> * in sections 1.1 and 3.1, it means 'limited by EKU'
> * in section 5.3 it means 'limited by EKU and name constraints'
>
> The BRs already define a
Hello,
related to this... I'd like to point out something that is bugging me...
Section 7.1.5 of the BR stipulates...
First paragraph: "For a Subordinate CA Certificate to be considered Technically
Constrained..."
Second paragraph: "If the Subordinate CA Certificate includes the
On Thu, Mar 28, 2019 at 7:14 PM Wayne Thayer wrote:
> The confusion that motivated the proposal was with the inconsistent
> definition of the term "technically constrained" in sections 1.1 and 5.3.
> It was not directly related to the BRs. My proposed changes take into
> account the definition
The confusion that motivated the proposal was with the inconsistent
definition of the term "technically constrained" in sections 1.1 and 5.3.
It was not directly related to the BRs. My proposed changes take into
account the definition in the BRs and attempt to avoid inconsistencies in
the context
On Thu, Mar 28, 2019 at 4:53 PM Wayne Thayer via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
> Our current Root Store policy assigns two different meanings to the term
> "technically constrained":
> * in sections 1.1 and 3.1, it means 'limited by EKU'
> * in section 5.3 it
Our current Root Store policy assigns two different meanings to the term
"technically constrained":
* in sections 1.1 and 3.1, it means 'limited by EKU'
* in section 5.3 it means 'limited by EKU and name constraints'
The BRs already define a "Technically Constrained Subordinate CA
Certificate"
8 matches
Mail list logo