On Fri, May 5, 2017 at 9:02 AM, Gervase Markham via dev-security-policy <dev-security-policy@lists.mozilla.org> wrote: > On 04/05/17 21:58, Ryan Sleevi wrote: > > I asked Symantec what fields CrossCert had control over. Their answer is > here on page 3: > https://bug1334377.bmoattachments.org/attachment.cgi?id=8838825 > It says CrossCert (and so, presumably, the other RAs in the program) had > no control over the CP field, which is (AIUI) the one they'd need to > change in order to add an EV OID. If I've got this wrong, please tell me > ASAP.
Note footnote (1): "These attributes and extensions are static values configured in the certificate profile" We know that the RAs could use different certificate profiles, as certificates they approved had varying issuers, and "Issuer DN" has the same "No(1)" that CP has in the table in the doc you linked. I don't see any indication of what profiles each RA was allowed to use. It could be that Symantec provided one or more profiles to the RA that contained EV OIDs. Thanks, Peter _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
