Confirmed users, Administrators
5,526
edits
SecurityEngineering/mozpkix-testing: Difference between revisions
Jump to navigation
Jump to search
SecurityEngineering/mozpkix-testing (view source)
Revision as of 16:26, 28 April 2014
, 28 April 2014→Behavior Changes
| Line 81: | Line 81: | ||
# End-entity certificates are no longer allowed to include the OCSPSigning EKU. | # End-entity certificates are no longer allowed to include the OCSPSigning EKU. | ||
# Intermediate certificates that contain the EKU extension now are required to assert either the serverAuth bit or the Netscape Server Gated Crypto bit (support for NSGC is provided temporarily for backward compatibility). | # Intermediate certificates that contain the EKU extension now are required to assert either the serverAuth bit or the Netscape Server Gated Crypto bit (support for NSGC is provided temporarily for backward compatibility). | ||
# EV treatment will not be given when the OCSP response for the intermediate certificate is more than 10 days old. | |||
#* Related Bugs: {{Bug|991815}} | |||
= Things for CAs to Fix = | = Things for CAs to Fix = | ||