> > Hopefully that made sense? Thanks for the information, the situation is not so bad as we thougth before.
If I understand well, the same intermediate CA may issue EV and OV certificates, but the proper CP OID shall be included in the TLS certificate. It menas that the service provider doesn't have to set up a new intermediate CA due to this PSD2 issue. According to the present requirements the CA may issue PSD2 certificates, but instead of the CABF EV CP OID it shall contain the CABF OV CP OID and this shall be clearly stated in the CP and CPS documents too. After having the result of the Ballot SC17 the CA shall review the new requirements and make the necessary changes if there will be any. We hope that it will be possible to issue PSD2 certificates with CABF EV CP OID by the same intermediate CA from June 2019. _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
