* The existence of this end-run around the system is why the current
version of the BRs says "whether a Root CA Certificate or Subordinate CA
Certificate". It's functionally impossible to truly distinguish between Roots
and Intermediates (many or most CA keypairs are represented by both),
All,
Over the past couple of weeks (after my previous email on July 27), I have
made additional changes to the proposed MRSP v. 2.9, based on a more
thorough review of the document and comments received.
If you would like to review those more recent changes, they are shown in
the following link:
(Apologies if you're seeing this twice, the thread got accidentally forked.)
Hi all,
Thanks to some off-list / backchannel conversations, I think I have a
better understanding of what's going on here.
Structurally, there is zero difference between:
A) A keypair which is intended to be a Root,
[Re-sending because my mail client accidentally dropped the list address]
Corey,
The "corresponding root certificate" does not need to be included in the
Mozilla Root Program which allows cross signing of CAs that are in the
inclusion process.
Thanks,
Dimitris.
Aug 8, 2023 23:27:13