Re: Policy 2.7 Proposal: Require EKUs in End-Entity Certificates

On Fri, Apr 19, 2019 at 01:22:59PM -0700, Wayne Thayer via dev-security-policy wrote: > Okay, then I propose adding the following to section 5.2 "Forbidden and > Required Practices": > > Effective for certificates issued on or after April 1, 2020, end-entity > certificates MUST include an EKU

Re: Policy 2.7 Proposal: Require EKUs in End-Entity Certificates

On Wed, Apr 17, 2019 at 5:05 PM Ryan Hurst via dev-security-policy < dev-security-policy@lists.mozilla.org> wrote: > For what it is worth I agree with Brian. > > I would go a bit further and say certificates need to be issued for > explicit usages anything else produces potentially unknown

Policy 2.7 Proposal:Extend Section 8 to Encompass Subordinate CAs

Ryan Sleevi made the following proposal: Issue #122 [1] previously discussed Section 8 in the context of subordinate > CAs, with a change [2] being made to include subordinate CAs (in the > context of Section 5.3.2) within scope of notification requirements. > > However, as presently worded, it's