RE: Clarify that a ccTLD is not acceptable in permittedSubtrees

2015-11-12 Thread Steve Roylance
Hi all, The https://wiki.mozilla.org/CA:NameConstraints discussion is all about SSL. My post earlier on in this thread was to ensure we cover SSL and S/MIME differently due to the reality of the different threat models. I agree that adding a ccTLD to a

Re: Clarify that a ccTLD is not acceptable in permittedSubtrees

2015-11-12 Thread Kurt Roeckx
On 2015-11-11 19:46, Steve Roylance wrote: Hypothetically, a government organization wishing to issue S/MIME certificates to citizens on a range of ccTLD based domains could be technically constrained through the inclusion of EKU's I'm just wondering how you would imagine this would work. Would

RE: Clarify that a ccTLD is not acceptable in permittedSubtrees

2015-11-12 Thread Steve Roylance
> -Original Message- > From: dev-security-policy [mailto:dev-security-policy- > bounces+steve.roylance=globalsign@lists.mozilla.org] On Behalf Of Kurt > Roeckx > Sent: 12 November 2015 11:41 > To: mozilla-dev-security-pol...@lists.mozilla.org > Subject: Re: Clarify that a ccTLD is not

Re: Clarify that a ccTLD is not acceptable in permittedSubtrees

2015-11-12 Thread Dimitris Zacharopoulos
On 10/11/2015 10:08 PM, Kathleen Wilson wrote: All, I have been asked to consider updating Mozilla's CA Certificate Policy to clarify that a ccTLD is not acceptable in permittedSubtrees for technically constraining subordinate CA certs. In section 7.1.5 of version 1.3 of the Baseline