Re: [pkix] A non-compliant use of the EKU extension in Mozilla's CA Certificate Policy Version 2.1.

Erwann Abalea <eabalea@gmail.com> Tue, 19 February 2013 17:08 UTC

MIME-Version: 1.0
In-Reply-To: <5123AD0B.4050709@bull.net>
References: <5123AD0B.4050709@bull.net>
Date: Tue, 19 Feb 2013 18:08:10 +0100
Message-ID: <CA+i=0E4g7GRmHAsM34RHEsvEMvwVxfkkfXayLA7ycSU7q-QTMQ@mail.gmail.com>
From: Erwann Abalea <eabalea@gmail.com>
To: Denis Pinkas <denis.pinkas@bull.net>
Content-Type: multipart/alternative; boundary="14dae9cfce5ede31e304d616e275"
Cc: pkix <pkix@ietf.org>
Subject: Re: [pkix] A non-compliant use of the EKU extension in Mozilla's CA Certificate Policy Version 2.1.
Precedence: list

Bonjour,

2013/2/19 Denis Pinkas <denis.pinkas@bull.net>
[...]

> Mozilla announces on
> https://lists.mozilla.org/listinfo/dev-security-policy: “*The subscribers
> list is only available to the list administrator”. *
>

That's classic.


> So it is quite hard to know who was on the discussion list and thus who
> participated to the discussion.
>

No, the list itself is public. You can use their newsgroup server, or
Google Groups to access it.
The discussion is accessible here
https://groups.google.com/forum/?fromgroups=#!topic/mozilla.dev.security.policy/Rbc-5j6i-vY


> ****
>
> Since the publication is recent (February 14, 2013), it might be
> appropriate to ask to the Mozilla community to respect the compliance
> to the standards. In order to fulfil its needs, the Mozilla community
> should:****
>
> -          either define its own extension,****
>
> -          or, propose a new extension so that it can be published in an
> RFC according to the IETF rules.****
>
>
I proposed to rely on certificatePolicies extension. That's the purpose of
this extension. Unfortunately, it's often incorrectly used, so that would
need a cleaning step and a definition of standardized policyIds for
specific purposes.

-- 
Erwann.

[pkix] A non-compliant use of the EKU extension i… Denis Pinkas
Re: [pkix] A non-compliant use of the EKU extensi… Erwann Abalea
Re: [pkix] A non-compliant use of the EKU extensi… David A. Cooper
Re: [pkix] A non-compliant use of the EKU extensi… Piyush Jain
Re: [pkix] A non-compliant use of the EKU extensi… Stefan Santesson
Re: [pkix] A non-compliant use of the EKU extensi… Stephen Kent
Re: [pkix] A non-compliant use of the EKU extensi… Peter Gutmann
Re: [pkix] A non-compliant use of the EKU extensi… Denis Pinkas
Re: [pkix] A non-compliant use of the EKU extensi… Stephen Kent
Re: [pkix] A non-compliant use of the EKU extensi… Piyush Jain
Re: [pkix] A non-compliant use of the EKU extensi… Stefan Santesson
Re: [pkix] A non-compliant use of the EKU extensi… Piyush Jain
Re: [pkix] A non-compliant use of the EKU extensi… Santosh Chokhani
Re: [pkix] A non-compliant use of the EKU extensi… Erwann Abalea
Re: [pkix] A non-compliant use of the EKU extensi… Dr Stephen Henson
Re: [pkix] A non-compliant use of the EKU extensi… Martin Rex
Re: [pkix] A non-compliant use of the EKU extensi… Michael StJohns
Re: [pkix] A non-compliant use of the EKU extensi… Michael StJohns
Re: [pkix] A non-compliant use of the EKU extensi… Henry B. Hotz
Re: [pkix] A non-compliant use of the EKU extensi… Stefan Santesson
Re: [pkix] A non-compliant use of the EKU extensi… Peter Gutmann
Re: [pkix] A non-compliant use of the EKU extensi… Peter Gutmann
Re: [pkix] A non-compliant use of the EKU extensi… Yoav Nir
Re: [pkix] A non-compliant use of the EKU extensi… Erwann Abalea
Re: [pkix] A non-compliant use of the EKU extensi… Stefan Santesson
Re: [pkix] A non-compliant use of the EKU extensi… Peter Sylvester
Re: [pkix] A non-compliant use of the EKU extensi… Piyush Jain
[pkix] Agenda items for PKIX in Orlando Stefan Santesson
Re: [pkix] A non-compliant use of the EKU extensi… Stephen Kent
[pkix] PKIX WG's (lack of) agility to adopt missi… Martin Rex