Which "above paragraph" is being referenced in the following excerpt from Section 5.3.1 of the Mozilla Root Store Policy v.2.5 (https://www.mozilla.org/en-US/about/governance/policies/security-group/certs/policy/)?
"Instead of complying with the above paragraph, intermediate certificates issued before 22nd June 2017 may, until 15th January 2018, comply with the following paragraph: If the certificate includes the id-kp-emailProtection extended key usage, then all end-entity certificates MUST only include e-mail addresses or mailboxes that the issuing CA has confirmed (via technical and/or business controls) that the subordinate CA is authorized to use." I interpret that "the above paragraph" means the following paragraph: "5.3 Intermediate Certificates All certificates that are capable of being used to issue new certificates, and which directly or transitively chain to a certificate included in Mozilla's CA Certificate Program, MUST be operated in accordance with this policy and MUST either be technically constrained or be publicly disclosed and audited." Thanks, Ben Wilson Ben Wilson, JD, CISA, CISSP VP Compliance +1 801 701 9678 _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy