On 5/6/14, 5:39 PM, Brian Smith wrote:
On Tue, May 6, 2014 at 3:48 PM, Kathleen Wilson <kwil...@mozilla.com> wrote:
It has been brought to my attention that the above statement is very
difficult to understand.
<snip>
Any preference?
Let's just fix bug 989051 so that we can remove this statement completely.
It makes more sense to fix our bugs than it does to wordsmith a suggestion
to CAs for how to work around our bugs. The other things we're asking CAs
to do are actual problematic practices that need to be addressed, and we're
better off letting them focus on those things than to work around our bugs.
Cheers,
Brian
That makes sense.
I've removed the following from
https://wiki.mozilla.org/SecurityEngineering/mozpkix-testing#Behavior_Changes
--
5. A certificate will not be considered an EV certificate if
mozilla::pkix cannot build a path to a trusted root that does not
contain any certificates with the inhibitAnyPolicy extension. However,
such certificates will still validate as non-EV as long as there are no
non-policy-related issues. bug 989051
--
Thanks,
Kathleen
_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy