Kathleen, Can you explain how policy 2.4 applies to existing CAs with respect to being Technically Constrained?
This is my understanding: - Under policy 2.3 a CA that is technically constrained with EKU set to only secure email but without name constraints was considered out of scope of the Mozilla Policy. - Policy 2.4.1 adds a requirement that for the CA to be out of scope of the Mozilla policy the CA needs to have name constraints if the CA is capable of issuing secure email certificates. Is this accurate? If so, when does this new requirement apply to existing CAs? Doug > -----Original Message----- > From: dev-security-policy [mailto:dev-security-policy- > bounces+doug.beattie=globalsign....@lists.mozilla.org] On Behalf Of Kathleen > Wilson via dev-security-policy > Sent: Tuesday, April 4, 2017 4:13 PM > To: mozilla-dev-security-pol...@lists.mozilla.org > Subject: Re: Next CA Communication > > On Tuesday, April 4, 2017 at 10:38:28 AM UTC-7, Kathleen Wilson wrote: > > > > The email has been sent, and the survey is open. > > > > > Published a security blog about it: > https://blog.mozilla.org/security/2017/04/04/mozilla-releases-version-2-4-ca- > certificate-policy/ > > Cheers, > Kathleen > _______________________________________________ > dev-security-policy mailing list > dev-security-policy@lists.mozilla.org > https://lists.mozilla.org/listinfo/dev-security-policy _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
