[Smcwg-public] Scope of S/MIME BRs and No EKU in an S/MIME Certificate

Ben Wilson bwilson at mozilla.com
Fri Jul 28 16:45:01 UTC 2023

For TLS Certificates, I think it was discovered that they would still work
if there was no EKU in them (or maybe that was just the chaining down from
Intermediate CA certificates).  Anyway, I have commented in a discussion on
the Mozilla Dev-Security-Policy list
about the scope of the Mozilla Root Store Policy as it applies to SMIME
certificates. Presence of the anyEKU EKU should bring them in scope of
Mozilla policy, but what about end entity certificates that have no EKU?
Does anyone want to comment on that thread in MDSP?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/smcwg-public/attachments/20230728/0216177f/attachment.html>

More information about the Smcwg-public mailing list