Hello everyone,

In response to the questions raised:
AC FNMT Usuarios does not issue TLS / SSL certificates, as evidenced by the attached document: Audit Attestation - ETSI Assessment 2017, FNMT CA's and TSU's.

Regarding the anyExtendedKeyUsage EKU, since January 2017 it is no longer incorporated into the certificates issued by AC FNMT Usuarios, so it should not be possible to use it for TLS server authentication. In this sense, the certificate indicated in this incident was issued prior to the change indicated.

Taking these considerations into account, FNMT considers that a revocation of the intermediate CA by OneCRL is not necessary.