Allowing a single cert to be used for both websites and code signing is a dangerous proposition. What is the current thinking among the community?
Original Message From: Kathleen Wilson Sent: Thursday, February 12, 2015 12:31 PM To: mozilla-dev-security-pol...@lists.mozilla.org Subject: TurkTrust Root Renewal Request TurkTrust has applied to include the SHA-256 "TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı H5" and "TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı H6" root certificates; turn on the Websites trust bit for both roots, turn on the Code Signing trust bit for the H5 root, and enable EV treatment for the H6 root. TurkTrust's SHA-1 root certificates were included in NSS via Bugzilla Bug #380635 and Bug #433845. _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy