Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

TLS-specific and S/MIME-specific Root CAs #279

Open
BenWilson-Mozilla opened this issue Jul 8, 2024 · 1 comment
Open

TLS-specific and S/MIME-specific Root CAs #279

BenWilson-Mozilla opened this issue Jul 8, 2024 · 1 comment
Labels
3.0 Mozilla Root Store Policy version 3.0

Comments

@BenWilson-Mozilla
Copy link
Collaborator

According to MRSP section 5.3, Intermediate CA certificates created after January 1, 2019, MUST NOT include both the id-kp-serverAuth and id-kp-emailProtection KeyPurposeIds in the same certificate. However, the MRSP is silent on whether the same principle should be applied to root certificates. A question has been raised regarding when Mozilla might require the submission of TLS-specific or S/MIME-specific root CA certificates for inclusion. If such a requirement is planned, we need clarification on what the policy will be and the timeline for its implementation
@BenWilson-Mozilla BenWilson-Mozilla added the 3.0 Mozilla Root Store Policy version 3.0 label Oct 1, 2024
@BenWilson-Mozilla
Copy link
Collaborator Author

See post here: https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/jzgUi8OHyhI/m/PqNUxoP1AQAJ

BenWilson-Mozilla added a commit to BenWilson-Mozilla/pkipolicy that referenced this issue Jan 16, 2025
@BenWilson-Mozilla
Added 7.5 Dedicated Roots
456395e 
This is to address Issue mozilla#279.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
3.0 Mozilla Root Store Policy version 3.0
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@BenWilson-Mozilla