On 12/07/17 21:18, Ben Wilson wrote:
> For CAs with emailProtection and proper name constraints, where would such
> CAs appear in https://crt.sh/mozilla-disclosures?
> https://crt.sh/mozilla-disclosures#constrainedother ? Or a new section of the
> list, yet to be determined?

I believe Rob has now split the list into two.

> And for CAs where EKU contains emailProtection, what are the programmatic
> criteria that determine whether the CA will be in such list as properly name
> constrained, since the Baseline Requirements don’t cover email certificates?
> (Presumably, a properly name-constrained email CA would not require any
> audit.)

Rob would be able to say. But the criteria for whether an email intermediate is properly name constrained are in Mozilla policy 2.5.

Gerv