[cabfpub] (Eventually) requiring id-kpServerAuth for all certs in the chain?

Gervase Markham gerv at mozilla.org
Fri Nov 21 11:49:22 UTC 2014

On 21/11/14 03:06, Kelvin Yiu wrote:
> Instead of each browser root program maintaining their own separate
> audit requirements, would it be better for the CABF as a body to
> maintain a list of suitable audit criteria (along with the version of
> the audit criteria and possibly auditor qualification information) in a
> separate guidelines document that browsers can reference?

Mozilla reserves the right to accept audit criteria that we define. So
an advisory document which kept up with the latest in what WebTrust and
ETSI are doing would be great and welcome. (Something more mandatory
would not.)


More information about the Public mailing list