Paul Hoffman wrote: > [...] > For this to work, Microsoft path validation also checks that the end > certificate is consistent with the EKU property of the root. This part > adds to X.509 and rfc 3280bis.
:s/adds to/conflicts with/ > [...] > The normal case is that the root certificate does not have any EKU > extension and that all EKU's are expressed as parameters set by Microsoft. It would be good if the page http://www.microsoft.com/technet/archive/security/news/rootcert.mspx?mfr=true was written in a way that makes that *clearly* the preferred method. _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
