On Tue, May 28, 2019 at 1:03 PM Nick Lamb via dev-security-policy < dev-security-policy@lists.mozilla.org> wrote:
> If they shove an valid but nonsensical policy OID into a cert I don't know > what Mozilla policy about that would be, but certainly the browser and > common TLS clients will just ignore it altogether. > The relationship of such issues has been discussed in the past, in the context of T-Systems (e.g. https://bugzilla.mozilla.org/show_bug.cgi?id=1498463 and https://groups.google.com/forum/#!msg/mozilla.dev.security.policy/x3s3CSKdIlY/o-oBBD7eAgAJ ) _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy