I'd like to remind CAs of Mozilla's disclosure requirement for unconstrained intermediate CA certificates:
The CA with a certificate included in Mozilla’s root program MUST disclose > this information within a week of certificate creation, and before any such > subordinate CA is allowed to issue certificates. > Certwatch currently lists 21 certificates issued by 5 member CAs. All but 2 of these certificates appear to be non-compliant: https://crt.sh/mozilla-disclosures#undisclosed - Wayne _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy