Hi, Thanks for the replies, it's very much appreciated. It takes careful reading of RFC 3280 if you don't want to miss the crucial distinction between "intermediate certificate on the path" and "certificate on the path" - thanks for the highlighting.
My conclusion from all this is that the many certs with CA:TRUE and pathlen:0 are not conformant, but not able to operate as CAs, either. Right? Interesting that there are so many, tho. Thanks, Ralph -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
