On 29/10/16 22:23, Han Yuwei wrote: > Is SM2 acceptable in publicy-trusted CAs? I don't think so.
No; the BRs list the permitted algorithms, and SM2 is not one of them. > Maybe Gerv could explain more about this. And I am wondering what can > CA do if government requirement conflicts with Mozilla's policy? It may well be a government requirement that Chinese CAs be able to issue SM2 certificates. However, no-one has yet demonstrated that it's a requirement that they do so from specific roots (i.e. the ones trusted by the major root stores). Gerv _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy