Frank Hecker wrote:
> So the bottom line is that if a root CA is approved for EV, its 
> subordinate CAs do *not* automatically gain the ability to issue EV 
> certificates. Instead the root CA has to specifically enable a given 
> subordinate to be "EV-capable", by issuing it a CA certificate with the 
> necessary EV policy OID(s) included.
>
>   
Thanks for this information. However, from our (Mozilla) point of view, 
the root can sign X CA certificates able to sign EV certificates 
(directly and indirectly). The OID requirement is just cosmetic with 
respect to the capabilities once a root is marked as EV; do I understand 
that correctly?

-- 
Regards 
 
Signer:         Eddy Nigg, StartCom Ltd. <http://www.startcom.org>
Jabber:         [EMAIL PROTECTED] <xmpp:[EMAIL PROTECTED]>
Blog:   Join the Revolution! <http://blog.startcom.org>
Phone:          +1.213.341.0390
 

_______________________________________________
dev-tech-crypto mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-tech-crypto
