This new version of the policy won’t be completed until after 15-April,
which is the revised deadline for disclosure and auditing of unconstrained
email subordinates. I propose removal of the following exception from
section 5.3.1:

> Instead of complying with the above paragraph, intermediate certificates
> issued before 22nd June 2017 may, until 15th January 2018, comply with the
> following paragraph:
>
> If the certificate includes the id-kp-emailProtection extended key usage,
> then all end-entity certificates MUST only include e-mail addresses or
> mailboxes that the issuing CA has confirmed (via technical and/or business
> controls) that the subordinate CA is authorized to use.
>

This is: https://github.com/mozilla/pkipolicy/issues/120

-------

This is a proposed update to Mozilla's root store policy for version
2.6. Please keep discussion in this group rather than on GitHub. Silence
is consent.

Policy 2.5 (current version):
https://github.com/mozilla/pkipolicy/blob/2.5/rootstore/policy.md
_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy
