On 8/20/14, 5:57 PM, Ryan Sleevi wrote:
Regarding Whole-Population BR Audit of Intermediate Certs, since the BRs
are for SSL certs, this should probably only apply to intermediate certs
that are capable of issuing SSL certs.
Agreed, which will require a definition of capability. This was discussed
during the Mountain View F2F in the Forum though, and roughly aligns with
"Anything browsers recognize as SSL capable" (something Mozilla's policy
already explores)
Updated
https://wiki.mozilla.org/CA:BaselineRequirements#Whole-Population_Audit_of_Intermediate_Certs
to "intermediate certificates that are capable of issuing SSL certs."
Regarding auditing for things in RFC 5280...
Added: https://wiki.mozilla.org/CA:BaselineRequirements#RFC_5280
It includes the information you provided.
Thanks,
Kathleen
_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy