SecurityEngineering/mozpkix-testing: Difference between revisions

m
Line 81: Line 81:
# End-entity certificates that contain the EKU extension are now required to assert the serverAuth bit.
# End-entity certificates that contain the EKU extension are now required to assert the serverAuth bit.
# End-entity certificates are no longer allowed to include the OCSPSigning EKU.
# End-entity certificates are no longer allowed to include the OCSPSigning EKU.
# Intermediate certificates that contain the EKU extension now are required to assert either the serverAuth bit or the Netscape Server Gated Crypto bit (support for NSGC is provided temporarily for backward compatibility).
# If an intermediate certificate contains the EKU extension, and that intermediate certificate will be used to issue SSL/TLS certificates, then the EKU must include the id-kp-serverAuth (1.3.6.1.5.5.7.3.1) bit or the Netscape Server Gated Crypto bit (support for NSGC is provided temporarily for backward compatibility).


= Things for CAs to Fix =
= Things for CAs to Fix =
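Review bot: the rewritten intermediate-certificate item still calls EKU values "bits" ("the id-kp-serverAuth (1.3.6.1.5.5.7.3.1) bit"), even though it now cites an OID. An EKU extension is a list of key purpose OIDs, not a bit string, so wording such as "the EKU must include id-kp-serverAuth (1.3.6.1.5.5.7.3.1) or the Netscape Server Gated Crypto key purpose" would be more accurate. The new text gives the OID for serverAuth but none for NSGC, and the two end-entity items above still say "serverAuth bit" and "OCSPSigning EKU" with no OIDs, so the list now mixes naming styles; it is worth making all four items consistent. The added condition "will be used to issue SSL/TLS certificates" describes the CA's intent rather than something visible in the certificate, so consider saying how a CA should read it, for example that it applies to any intermediate that appears in a chain presented for a TLS server certificate.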