info
Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
Policy 2.7.1: MRSP Issue #147 - Require EV audits for certificates capable of issuing EV certificates
70 views
Skip to first unread message
Ben Wilson
Jan 21, 2021, 5:10:32 PM1/21/21
to dev-secur...@lists.mozilla.org
I've updated the subject line for this thread so that it is consistent with
the other issues. Also, as an update to what we are considering to address
this issue, we are looking at pointing to existing language here:
https://wiki.mozilla.org/CA/EV_Processing_for_CAs#EV_TLS_Capable.
On Thu, Nov 12, 2020 at 11:23 AM Ben Wilson <bwi...@mozilla.com> wrote:
>
> On Thu, Nov 12, 2020 at 2:03 AM Dimitris Zacharopoulos via
> dev-security-policy <dev-secur...@lists.mozilla.org> wrote:
>
>> I see that this is related to
>> https://github.com/mozilla/pkipolicy/issues/152, so I guess Mozilla
>> Firefox does not enable "EV Treatment" if an Intermediate CA Certificate
>> does not assert the anyPolicy or the CA's EV policy OID, including the
>> CA/B Forum EV OID, regardless of what the end-entity certificate asserts.
>>
>> That's correct.
>
the other issues. Also, as an update to what we are considering to address
this issue, we are looking at pointing to existing language here:
https://wiki.mozilla.org/CA/EV_Processing_for_CAs#EV_TLS_Capable.
On Thu, Nov 12, 2020 at 11:23 AM Ben Wilson <bwi...@mozilla.com> wrote:
>
> On Thu, Nov 12, 2020 at 2:03 AM Dimitris Zacharopoulos via
> dev-security-policy <dev-secur...@lists.mozilla.org> wrote:
>
>> I see that this is related to
>> https://github.com/mozilla/pkipolicy/issues/152, so I guess Mozilla
>> Firefox does not enable "EV Treatment" if an Intermediate CA Certificate
>> does not assert the anyPolicy or the CA's EV policy OID, including the
>> CA/B Forum EV OID, regardless of what the end-entity certificate asserts.
>>
>> That's correct.
>
0 new messages