CA/EV Processing for CAs: Difference between revisions

m
(→‎EV TLS Capable: clarification on CA-specific EV OIDs)
m (→‎CA-Specific OIDs: Added link)
 
Line 20: Line 20:
=== CA-Specific OIDs ===
=== CA-Specific OIDs ===


Our long-term goal is to have Firefox only recognize the CAB Forum EV policy OID (2.23.140.1.1). So we stopped adding CA-specific EV OIDs to ExtendedValidation.cpp, and are only adding the 2.23.140.1.1 EV OID for new EV-enablement requests. This page still describes Firefox's treatment of CA-specific EV OIDs because we are not currently planning to go back and change it for root certificates that already had a CA-specific EV OID. Our current plan is to let those pre-existing root certificates expire.
Our long-term goal is to have Firefox only recognize the CAB Forum EV policy OID (2.23.140.1.1). So we stopped adding CA-specific EV OIDs to [https://dxr.mozilla.org/mozilla-central/source/security/certverifier/ExtendedValidation.cpp ExtendedValidation.cpp], and are only adding the 2.23.140.1.1 EV OID for new EV-enablement requests. This page still describes Firefox's treatment of CA-specific EV OIDs because we are not currently planning to go back and change it for root certificates that already had a CA-specific EV OID. Our current plan is to let those pre-existing root certificates expire.


It is fine for the CA's certificates to also specify their CA-specific OID(s), but the 2.23.140.1.1 OID will also need to be in them.
It is fine for the CA's certificates to also specify their CA-specific OID(s), but the 2.23.140.1.1 OID will also need to be in them.
Confirmed users
377

edits