Eddy Nigg (StartCom Ltd.) wrote:
> As mentioned earlier, I think the only (obvious) thing missing is under
> section 14 another line for the purposes if the root (or a specific
> intermediate root) should have the EV extension enabled when submitting
> the request.
My apologies, I forgot about this. See my latest patch attached to bug
399214. Basically I added a new item in section 14 as follows:
14. ... The request should include the following:
...
* for each CA certificate requested for inclusion, whether the CA
issues Extended Validation certificates within the CA hierarchy
associated with the CA certificate and, if so, the EV policy OID
associated with the CA certificate;
The proposed patch also contains some other new changes, but this is the
only substantive one.
Incidentally, just to be clear on this, my understanding is there is no
EV certificate extension per se. The EV policy OID is just added as
separate metadata to be associated with the pre-loaded root CA
certificate; there is nothing in the CA certificate itself that is
specifically EV-related.
Frank
--
Frank Hecker
[EMAIL PROTECTED]
_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
