On Fri, May 5, 2017 at 9:18 AM, Gervase Markham <g...@mozilla.org> wrote: > On 05/05/17 17:09, Peter Bowen wrote: >> We know that the RAs could use different certificate profiles, as >> certificates they approved had varying issuers, and "Issuer DN" has >> the same "No(1)" that CP has in the table in the doc you linked. I >> don't see any indication of what profiles each RA was allowed to use. >> It could be that Symantec provided one or more profiles to the RA that >> contained EV OIDs. > > So the question to Symantec is: "did any of the RAs in your program have > EV issuance capability? If not, given that they had issuance capability > from intermediates which chained up to EV-enabled roots, what technical > controls prevented them from having this capability?" Is that right?
I do not see answers to those questions in any of the documents Symantec has attached to the bug. Thanks, Peter _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy