CA/EV Processing for CAs: Difference between revisions

Jump to navigation Jump to search

CA/EV Processing for CAs (view source)

Revision as of 18:14, 21 April 2024

333 bytes removed ,  21 April 2024
→‎EV TLS Capable: removed references to CA-designated EV CP OIDs
(Added paragraph about our intent to only recognize the CAB Forum EV policy OID in the future)
(→‎EV TLS Capable: removed references to CA-designated EV CP OIDs)
Line 5: Line 5:
* is not revoked and not expired
* is not revoked and not expired
* does not have an Extended Key Usage (EKU) extension or does have an EKU extension containing KeyPurposeIds: anyExtendedKeyUsage or id-kp-serverAuth
* does not have an Extended Key Usage (EKU) extension or does have an EKU extension containing KeyPurposeIds: anyExtendedKeyUsage or id-kp-serverAuth
* has Policy Identifiers containing one or more of: 2.23.140.1.1 (CABF EV OID), 2.5.29.32.0  (anyPolicy OID), the CA's EV OIDs used by Mozilla in [https://dxr.mozilla.org/mozilla-central/source/security/certverifier/ExtendedValidation.cpp ExtendedValidation.cpp], or any Policy OIDs listed in [https://dxr.mozilla.org/mozilla-central/source/security/certverifier/ExtendedValidation.cpp ExtendedValidation.cpp] for the CA certificate.
* has the CA/Browser Forum Certificate Policy Object Identifier (OID) of 2.23.140.1.1 (CABF EV OID).


= Firefox EV Processing Logic =
= Firefox EV Processing Logic =
Bwilson
Confirmed users
377

edits

Retrieved from "https://wiki.allizom.org/Special:MobileDiff/1250586"

Navigation menu