On 11/29/2008 06:43 AM, Frank Hecker:
On the WISeKey end, they could mandate use of SAN in BlackBox-issued certificates (as opposed to just including it in the default template), and from the NSS end we could disallow use of CN for storing domain names.
At least you could have made it a requirement in order for the name constraints to have any effect with NSS.
In regards to NSS we don't have to disallow subject CN fields, but have NSS check also for these attributes in addition to the SAN.
-- Regards Signer: Eddy Nigg, StartCom Ltd. Jabber: [EMAIL PROTECTED] Blog: https://blog.startcom.org _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
