On 28/11/16 13:50, Bruce Morton wrote:
> An issue is that if a SHA-1 intermediate certificate needs an EKU and
> we are not allowed to issue SHA-1 certificates per BR 7.1.3, then
> there is no fix.
All of this is discussing issuance outside the scope of the BRs anyway.
SHA-1 issuance is not
, November 25, 2016 10:42 AM
To: CABFPub <public@cabforum.org>
Cc: Gervase Markham <g...@mozilla.org>
Subject: Re: [cabfpub] Mozilla SHA-1 further restrictions (v3)
Here's v.3 for continued discussion. I feel we do need EKU restrictions in the
intermediate given what Erwann says about leve