Note that a parallel discussion is at mozilla.dev.tech.crypto.
___
dev-security mailing list
dev-security@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security
I've filed a bug against myself (399214) to update the current Mozilla
CA certificate policy to address the issue of extended validation
certificates. Part of that process involves public discussion of exactly
what changes need to be made. Here are some quick thoughts of my own;
note that
Frank, thanks for addressing this issue!
Frank Hecker wrote:
As noted in the bug, I think an EV-enabled root CA cert is simply a
special case of root CA certs in general, so we don't need a whole new
separate policy. At the same time I don't want to revise every section
of the existing