On Monday, March 9, 2020 at 2:48:56 PM UTC-4, Kathleen Wilson wrote: > * The root contains subject L and organizationIdentifier fields which > are arguably in violation of BR 7.1.4.3 [5]. Some, if not all, of the > subCAs also exhibit this issue.
Given that Mozilla explicitly encourages CAs to provide detailed identity information in subCA/root certificates on its Forbidden or Problematic Practices Wiki page [1], I don't see how including these additional subject fields would run afoul of Mozilla Root Policy, especially considering that the example given on the Wiki page includes the OU subject RDN. What is Mozilla's expectation for subject field encoding, considering the discussion in the CAB Forum and the aforementioned Wiki page? Thanks, Corey [1] https://wiki.mozilla.org/CA/Forbidden_or_Problematic_Practices#Generic_Names_for_CAs _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
