Expiration of trust roots

2007-03-13 Thread Paul Hoffman
At 11:40 AM -0700 3/13/07, Bob Relyea wrote: In addition, we only parse these kinds of constraints on intermediate certs (we currently don't have a mechanism to place name constraints on a trusted root). Even if the trusted root had constraints itself, they would be ignored once we identify the

Re: Restricting roots to one TLD

2007-03-13 Thread Bob Relyea
Frank Hecker wrote: Wan-Teh Chang wrote: Gervase Markham wrote: I am interested in investigating with the NSS developers whether it would be possible to restrict a particular root certificate to signing end entity certificates only for domains with a particular TLD. In this context Gerv

Re: Restricting roots to one TLD

2007-03-13 Thread Gervase Markham
Frank Hecker wrote: > Of course using name constraints in the classic sense requires the cooperation of the CA (since they have to add the extension to the CA cert). I think Gerv was thinking of the more general case where for policy reasons we might want to impose constraints on a CA even in t