[cabfpub] Additional OIDs in end-entity certificates

Gervase Markham gerv at mozilla.org
Mon Aug 22 09:20:43 UTC 2016


On 21/08/16 23:07, Kirk Hall wrote:
> Assuming the other browsers take the same position, then in the future
> when a CA or a political jurisdiction wants extra markers in
> certificates for their own purposes, the Forum and the browsers won’t
> have to get involved.
> 
> Do Microsoft, Apple, and Mozilla agree?

I don't believe there's anything in the BRs, Mozilla's policies or
anywhere else which prevents CAs adding OIDs to their certs which are
not mentioned in the BRs. If you think there is, explain where.

Gerv



More information about the Public mailing list