Re: Policy 2.7 Proposal: Clarify Meaning of "Technically Constrained"

2019-04-15 Thread Wayne Thayer via dev-security-policy
Unless additional feedback is posted, I will include this change as originally proposed in version 2.7 of our policy. - Wayne On Fri, Mar 29, 2019 at 11:23 AM Wayne Thayer wrote: > On Fri, Mar 29, 2019 at 4:32 AM Jakob Bohm via dev-security-policy < > dev-security-policy@lists.mozilla.org>

Re: Policy 2.7 Proposal: Clarify Meaning of "Technically Constrained"

2019-03-29 Thread Wayne Thayer via dev-security-policy
On Fri, Mar 29, 2019 at 4:32 AM Jakob Bohm via dev-security-policy < dev-security-policy@lists.mozilla.org> wrote: > On 28/03/2019 21:52, Wayne Thayer wrote: > > Our current Root Store policy assigns two different meanings to the term > > "technically constrained": > > * in sections 1.1 and 3.1,

Re: Policy 2.7 Proposal: Clarify Meaning of "Technically Constrained"

2019-03-29 Thread Jakob Bohm via dev-security-policy
On 28/03/2019 21:52, Wayne Thayer wrote: > Our current Root Store policy assigns two different meanings to the term > "technically constrained": > * in sections 1.1 and 3.1, it means 'limited by EKU' > * in section 5.3 it means 'limited by EKU and name constraints' > > The BRs already define a

Re: Policy 2.7 Proposal: Clarify Meaning of "Technically Constrained"

2019-03-29 Thread Pedro Fuentes via dev-security-policy
Hello, related to this... I'd like to point out something that is bugging me... Section 7.1.5 of the BR stipulates... First paragraph: "For a Subordinate CA Certificate to be considered Technically Constrained..." Second paragraph: "If the Subordinate CA Certificate includes the

Re: Policy 2.7 Proposal: Clarify Meaning of "Technically Constrained"

2019-03-28 Thread Ryan Sleevi via dev-security-policy
On Thu, Mar 28, 2019 at 7:14 PM Wayne Thayer wrote: > The confusion that motivated the proposal was with the inconsistent > definition of the term "technically constrained" in sections 1.1 and 5.3. > It was not directly related to the BRs. My proposed changes take into > account the definition

Re: Policy 2.7 Proposal: Clarify Meaning of "Technically Constrained"

2019-03-28 Thread Wayne Thayer via dev-security-policy
The confusion that motivated the proposal was with the inconsistent definition of the term "technically constrained" in sections 1.1 and 5.3. It was not directly related to the BRs. My proposed changes take into account the definition in the BRs and attempt to avoid inconsistencies in the context

Re: Policy 2.7 Proposal: Clarify Meaning of "Technically Constrained"

2019-03-28 Thread Ryan Sleevi via dev-security-policy
On Thu, Mar 28, 2019 at 4:53 PM Wayne Thayer via dev-security-policy < dev-security-policy@lists.mozilla.org> wrote: > Our current Root Store policy assigns two different meanings to the term > "technically constrained": > * in sections 1.1 and 3.1, it means 'limited by EKU' > * in section 5.3 it

Policy 2.7 Proposal: Clarify Meaning of "Technically Constrained"

2019-03-28 Thread Wayne Thayer via dev-security-policy
Our current Root Store policy assigns two different meanings to the term "technically constrained": * in sections 1.1 and 3.1, it means 'limited by EKU' * in section 5.3 it means 'limited by EKU and name constraints' The BRs already define a "Technically Constrained Subordinate CA Certificate"