MozillaWiki

SecurityEngineering/mozpkix-testing: Difference between revisions

Page Discussion

SecurityEngineering/mozpkix-testing (view source)

Revision as of 19:20, 31 March 2014

9 bytes removed ,  31 March 2014
m
→‎Things for CAs to Fix
Line 55: Line 55:
= Things for CAs to Fix =
= Things for CAs to Fix =


Workarounds were implemented to allow mozilla::pkix to handle the following situations. However, we will be asking CAs to immediately stop issuing new certificates with these issues, and we will identify dates for removing these workarounds.
Workarounds were implemented to allow mozilla::pkix to handle the following situations. We will be asking CAs to immediately stop issuing new certificates with these issues, and we will identify dates for removing these workarounds.


# Stop using the "Netscape Server Gated Crypto (2.16.840.1.113730.4.1)" (SGC) EKU.  For all new certificate issuance, use the "TLS Web Server Authentication (1.3.6.1.5.5.7.3.1)" EKU instead of the SGC EKU.
# Stop using the "Netscape Server Gated Crypto (2.16.840.1.113730.4.1)" (SGC) EKU.  For all new certificate issuance, use the "TLS Web Server Authentication (1.3.6.1.5.5.7.3.1)" EKU instead of the SGC EKU.
Kathleen Wilson
Confirmed users, Administrators
5,526

edits

Retrieved from "https://wiki.allizom.org/Special:MobileDiff/959278"