[cabfpub] Ballot 108: Clarifying the scope of the baseline requirements
Gervase Markham
gerv at mozilla.org
Thu Aug 8 08:58:32 UTC 2013
On 07/08/13 18:59, Ryan Sleevi wrote:
> All we're talking about is what the cert validation library (*not* the
> SSL library) will do if it sees a cert with SGC EKUs, but no Server
> Auth / Client Auth EKUs.
>
> The cited libraries will all treat the SGC EKUs as equivalent to
> Server Auth in that case. As such, certs with SGC EKUs would need to
> be in scope, because they'd be technically possible to be used as
> server certs.
Ah, I see. Thanks for clarifying. That makes sense.
Are there certs out there today which have SGC EKUs and _not_ the
standard server EKU? What would break if NSS stopped treating the SGC
EKU as equivalent to a server EKU?
Gerv
More information about the Public
mailing list