Frank Hecker wrote:
>
> And WISeKey in fact claims that it does impose such constraints, as 
> noted in various comments in bug 371362 and in its technical security 
> controls document (as I mentioned in a previous message).
>
>   
Sorry about missing that. I had in memory for example the comment of 
https://bugzilla.mozilla.org/show_bug.cgi?id=371362#c14 which says 
/"However customers are STILL constrained to using domain names that 
they own, *but this is done at the application level*, without relying 
on the name constraints"/

Not that it really matters too much for the relying party. As I mentioned 
earlier, even a certificate or email within the allowed domain range in 
the hands of the wrong party is an attack. Even more so if it remains 
undetected... it's not the web site (or individual) which is the victim, 
it's the party which relies on it...
-- 
Regards 
 
Signer:         Eddy Nigg, StartCom Ltd. <http://www.startcom.org>
Jabber:         [EMAIL PROTECTED] <xmpp:[EMAIL PROTECTED]>
Blog:   Join the Revolution! <http://blog.startcom.org>
Phone:          +1.213.341.0390
 

_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
