"'Dana Keeler' via [email protected]" <[email protected]> wrote:
> Certificate Transparency is now enforced on all desktop platforms. This is great news! Could you clarify how this applies to custom CAs? The language in your email could, I believe, be interpreted in different ways: > This means that Firefox now requires that TLS web > server certificates issued from roots in Mozilla's > Root CA program This part suggests to me that this _only_ applies to the CAs in the root program as shipped by Mozilla. I.e., if I add my custom CA, certs issued by that will _not_ be subject to this requirement. > However, if you were making use of policies to > exempt certain internal certificates or domains from > CT, you will need to apply those policies to Firefox > as well. But this statement suggests that for my custom CA I _do_ need to take action. Sorry if this is obvious to everybody else, but if you could clarify, that'd be much appreciated. Thanks! -Jan -- You received this message because you are subscribed to the Google Groups "[email protected]" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion visit https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/Z6KDj2BzWKxgj8eo%40netmeister.org.
