At 11:40 AM -0700 3/13/07, Bob Relyea wrote:
In addition, we only parse these kinds of constraints on intermediate certs (we currently don't have a mechanism to place name constraints on a trusted root. Even if the trusted root had constraints itself, they would be ignored once we identify the cert as trusted.
A related question that I was intending to do some research on: if a trust anchor ("trusted root" in this thread) has an expiration date in the past, doe NSS still treat it as a trust anchor, or does it ignore it?
_______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
