On 10/16/20 11:26 PM, Ryan Sleevi wrote:
Because of this, it seems that there is a simpler, clearer, unambiguous
path for CAs that seems useful to move to:
- If a CA is trusted for purpose X, that certificate, and all subordinate
CAs, should be audited against the criteria relevant for X
I am in favor of this approach for a future version of Mozilla's Root
Store Policy, but I prefer not to try to tackle it in this v2.7.1
update. So I filed a github issue to remind us to consider this in the
next version:
https://github.com/mozilla/pkipolicy/issues/220
I have added a section called "EV TLS Capable" to the wiki pages, and I
will appreciate feedback on it:
https://wiki.mozilla.org/CA/EV_Processing_for_CAs#EV_TLS_Capable
For this MRSP Issue #152 update to v2.7.1, I propose that we make each
occurrence of "capable of issuing EV certificates" link to
https://wiki.mozilla.org/CA/EV_Processing_for_CAs#EV_TLS_Capable
Thanks,
Kathleen
_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy
