Add definition of "mis-issuance"? #76
Comments
How about specifically including things that are violations of the Mozilla policy that aren't BR/RFC violations? (e.g. an s/mime cert signed with SHA-1 from a non-serverAuth chain or low entropy SHA-1)
How about this? "The category of mis-issued certificates includes (but is not limited to) those issued to someone who should not have received them, those containing information which was not properly validated, those having incorrect technical constraints, and those using algorithms other than those permitted."
lgtm
This text would go in section 7.3 ("Removals").
It is probably a good idea to exempt the https://www.iana.org/domains/reserved domains from the definition.
Why? Those domains are still owned by someone (IANA in this case).
Do we need a formal definition of what we consider mis-issuance? The closest we have is currently a couple of sentences in section 7.3:
This is clearly not an exhaustive list; one would also want to include BR violations, RFC violations, and insufficient EV vetting, at least.
The downside of defining it is that CAs might try and rules-lawyer us in a particular situation.