Disclosing unconstrained emailProtection intermediates to CCADB

CAs, Version 2.5 of the Mozilla Root Store Policy classifies EKU=emailProtection intermediates as unconstrained when suitable name constraints aren't present. As a result, such intermediates need to be disclosed to the CCADB (although not until 15th January 2018 for those intermediates

Re: WoSign new system passed Cure 53 system security audit

On Fri, Jul 07, 2017 at 06:12:58AM +, Danny 吴熠 via dev-security-policy wrote: > As per requirements, WoSign new issuing infrastructure has been completed > and passed the Cure 53 white box security audit successfully in June 27. > Cure53 is approved by Mozilla. The full audit report has

Final removal of trust in WoSign and StartCom Certificates

Hello M.D.S.P., We've posted the following update regarding Chrome's treatment of WoSign and StartCom certificates to Chromium's Security-dev and net-dev groups. I've included both links below in case you'd like to follow the discussion there.