subject:"Fixing the BR scope \(was Re\: More SHA\-1 certs\)"

Re: Fixing the BR scope (was Re: More SHA-1 certs)

2016-03-07 Thread Eric Mill

or for all CABF members to consider when creating the BRs. -- Eric > > -Original Message- > From: Rob Stradling [mailto:rob.stradl...@comodo.com] > Sent: Monday, March 7, 2016 4:04 AM > To: Jeremy Rowley > Cc: mozilla-dev-security-pol...@lists.mozilla.org > Subject: Fix

RE: Fixing the BR scope (was Re: More SHA-1 certs)

2016-03-07 Thread Jeremy Rowley

...@lists.mozilla.org Subject: Fixing the BR scope (was Re: More SHA-1 certs) On 04/03/16 23:41, Jeremy Rowley wrote: > > My fix is much simpler (because the BRs have traditionally avoided requiring reissuance of sub CAs). Require that all certs with serverauth, anyEKU, or no EKU be covered by the BR

Fixing the BR scope (was Re: More SHA-1 certs)

2016-03-07 Thread Rob Stradling

On 04/03/16 23:41, Jeremy Rowley wrote: > My fix is much simpler (because the BRs have traditionally avoided requiring reissuance of sub CAs). Require that all certs with serverauth, anyEKU, or no EKU be covered by the BRs. CAs required to issue certs that are covered but cannot conform