I've added a page to our wiki that describes how Firefox determines if a
particular website received the EV UI:
https://wiki.mozilla.org/CA/EV_Processing_for_CAs

I mentioned this at the last CA/Browser Forum meeting and I hope it is
useful to CAs - especially those who are dealing with cross-signing and
legacy hierarchies.

Since there were no comments about requiring the use of the CA/Browser
Forum EV OID, we've left it as 'strongly encouraged', but I added it to our
issues list for the Root Store Policy:
https://github.com/mozilla/pkipolicy/issues/160

- Wayne

On Thu, Sep 20, 2018 at 1:55 PM Wayne Thayer <wtha...@mozilla.com> wrote:

> Hi Nick,
>
> Good question. Mozilla is currently strongly encouraging CAs to use the
> CAB Forum EV OID, but not requiring it. I would be interested to hear
> arguments for or against requiring the use of the CAB Forum EV OID in
> future Mozilla root store updates. Requiring this might eventually solve
> some of the problems we're seeing when roots are acquired or cross-signed
> [1]. To be clear, at this time I'm only thinking about new inclusions or EV
> enablement, not changing OIDs for existing EV capable roots.
>
> - Wayne
>
> [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1486838
>
> On Thu, Sep 20, 2018 at 1:49 AM Nick Lamb via dev-security-policy <
> dev-security-policy@lists.mozilla.org> wrote:
>
>> On Tue, 18 Sep 2018 17:53:34 -0700
>> Wayne Thayer via dev-security-policy
>> <dev-security-policy@lists.mozilla.org> wrote:
>>
>> > ** EV Policy OID: 2.23.140.1.1
>>
>> This reminds me of a question I keep meaning to ask. I know Microsoft
>> has been trying to get CAs to use 2.23.140.1.1 for EV and knock it off
>> with the arbitrary policy OIDs, does Mozilla have any policy on that?
>>
>>
>>
>> _______________________________________________
>> dev-security-policy mailing list
>> dev-security-policy@lists.mozilla.org
>> https://lists.mozilla.org/listinfo/dev-security-policy
>>
>