<html><head><meta http-equiv="content-type" content="text/html; charset=utf-8"></head><body dir="auto"><div>Post from 2004 on this topic: <a href="http://unmitigatedrisk.com/?p=8">http://unmitigatedrisk.com/?p=8</a><br><br>Ryan Hurst<div><div style="-webkit-tap-highlight-color: rgba(26, 26, 26, 0.296875); -webkit-composition-fill-color: rgba(175, 192, 227, 0.230469); -webkit-composition-frame-color: rgba(77, 128, 180, 0.230469); ">Chief Technology Officer</div><div style="-webkit-tap-highlight-color: rgba(26, 26, 26, 0.296875); -webkit-composition-fill-color: rgba(175, 192, 227, 0.230469); -webkit-composition-frame-color: rgba(77, 128, 180, 0.230469); ">GMO Globalsign</div><div style="-webkit-tap-highlight-color: rgba(26, 26, 26, 0.296875); -webkit-composition-fill-color: rgba(175, 192, 227, 0.230469); -webkit-composition-frame-color: rgba(77, 128, 180, 0.230469); "><br></div><div><span style="-webkit-tap-highlight-color: rgba(26, 26, 26, 0.292969); -webkit-composition-fill-color: rgba(175, 192, 227, 0.230469); -webkit-composition-frame-color: rgba(77, 128, 180, 0.230469); ">twitter: @rmhrisk</span></div><div>email: <a href="mailto:ryan.hurst@globalsign.com">ryan.hurst@globalsign.com</a></div><div>phone: 206-650-7926</div><div><br></div><div>Sent from my phone, please forgive the brevity.</div></div></div><div><br>On Aug 7, 2013, at 11:58 AM, "Eddy Nigg (StartCom Ltd.)" <<a href="mailto:eddy_nigg@startcom.org">eddy_nigg@startcom.org</a>> wrote:<br><br></div><blockquote type="cite"><div>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type">
<br>
On 08/07/2013 08:59 PM, From Ryan Sleevi:
<blockquote cite="mid:CACvaWvbWbQQ7PJdT1755YSMOUeTV9sXTCTwfkyg1+5kQBU+8Sw@mail.gmail.com" type="cite">
The cited libraries will all treat the SGC EKUs as equivalent to
Server Auth in that case. As such, certs with SGC EKUs would need
to
be in scope, because they'd be technically possible to be used as
server certs.
</blockquote>
<br>
You might be right - the concern is what Gerv already mentioned
here: <a class="moz-txt-link-freetext" href="https://bugzilla.mozilla.org/show_bug.cgi?id=476807">https://bugzilla.mozilla.org/show_bug.cgi?id=476807</a><br>
<br>
<i>Anyone still using "It supports SGC/Step Up" as a marketing
mechanism is either a) encouraging the use of long-outdated,
insecure and standards-incompliant browsers, or b) using FUD.</i><br>
<br>
<br>
<br>
<div class="moz-signature">
<table border="0" cellpadding="0" cellspacing="0">
<tbody>
<tr>
<td colspan="2">Regards </td>
</tr>
<tr>
<td colspan="2"> </td>
</tr>
<tr>
<td>Signer: </td>
<td>Eddy Nigg, COO/CTO</td>
</tr>
<tr>
<td> </td>
<td><a href="http://www.startcom.org">StartCom Ltd.</a></td>
</tr>
<tr>
<td>XMPP: </td>
<td><a href="xmpp:startcom@startcom.org">startcom@startcom.org</a></td>
</tr>
<tr>
<td>Blog: </td>
<td><a href="http://blog.startcom.org">Join the Revolution!</a></td>
</tr>
<tr>
<td>Twitter: </td>
<td><a href="http://twitter.com/eddy_nigg">Follow Me</a></td>
</tr>
<tr>
<td colspan="2"> </td>
</tr>
</tbody>
</table>
</div>
<br>
</div></blockquote><blockquote type="cite"><div><span>_______________________________________________</span><br><span>Public mailing list</span><br><span><a href="mailto:Public@cabforum.org">Public@cabforum.org</a></span><br><span><a href="https://cabforum.org/mailman/listinfo/public">https://cabforum.org/mailman/listinfo/public</a></span><br></div></blockquote></body></html>