(Sorry Ryan and Neil for the double-email, I accidentally omitted the list on the first email)
> As others have rightfully pointed out, if the EKU is present, it is a > delegated responder, full stop. For the certificate to be used as a delegated responder (as opposed to an issuer of OCSP responder certificates), wouldn't they also need a keyUsage value of digitalSignature? Thanks, Corey
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy