RE: Updating Mozilla's CA Certificate Policy

Hi Brian, Apologies for the delay in responding as I was on vacation at the end of last week. The answer for GlobalSign (and I suspect some of the other CA's) to the pathLengthConstraint questions should be that we are compliant for 2 and 3. I blame my lack of knowledge on this attribute at an

Re: Remove Roots used for only Email and CodeSigning?

On 2015-09-03 20:22, Kathleen Wilson wrote: 2) Remove included root certs that only have the Code Signing trust bit enabled. To our knowledge, no one is using such root certs via the NSS root store. I'm wondering how you currently support things like java applets. As far as I understand for

Re: Remove Roots used for only Email and CodeSigning?

On Thursday 03 September 2015 11:22:26 Kathleen Wilson wrote: > 2) Remove included root certs that only have the Code Signing trust > bit enabled. To our knowledge, no one is using such root certs via > the NSS root store. I'm not familiar with the project, but Fedora Shared System

Re: Remove Roots used for only Email and CodeSigning?

On Fri, Sep 4, 2015 at 4:53 AM, Gervase Markham wrote: > On 03/09/15 19:22, Kathleen Wilson wrote: > > 2) Remove included root certs that only have the Code Signing trust bit > > enabled. To our knowledge, no one is using such root certs via the NSS > > root store. > > This