On 02/06/17 17:07, Peter Bowen wrote: > Should Mozilla include a clear definition of "SSL certificates" in the > policy? And should it be based on technical attributes rather than > intent of the issuer?
Absolutely Yes to your second sentence :-). We do have a clear definition of what's in scope; however, we don't subclassify specifically into "SSL" and "email" except by implication from the EKU. And that leaves the question of what to do with anyEKU. Gerv _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy