Re: Logotype extensions

2019-07-12 Thread Ryan Sleevi via dev-security-policy
And they will mislead relying parties. Which is why you cannot use *this* particular extension. Sorry, that ship sailed in 2005. A CA that would be remotely considering exercising this clause would strongly benefit from checking with the Root stores they're in, no matter the extension

RE: Logotype extensions

2019-07-12 Thread Jeremy Rowley via dev-security-policy
The language of the BRs is pretty permissive. Assuming Mozilla didn't update its policy, then issuance would be permitted if the CA can show that the following was false: b. semantics that, if included, will mislead a Relying Party about the certificate information verified by the CA (such as

Re: Logotype extensions

2019-07-12 Thread Ryan Sleevi via dev-security-policy
Alternatively: There is zero reason these should be included in publicly trusted certs used for TLS, and ample harm. It is not necessary nor essential to securing TLS, and that should remain the utmost priority. CAs that wish to issue such certificates can do so from alternate hierarchies. There

RE: Logotype extensions

2019-07-12 Thread Doug Beattie via dev-security-policy
We've beaten the stuffing out of Logotype, imho.
- CAs want to add it
- Root stores don't
- The BRs permit it (probably).
- I'll report you to the DoJ,
- I'll revoke our Roots,
- bla bla bla
My personal view is that CAs should be able to include data in extensions as long as they document how