On 2011/09/01 06:12 PDT, Sean Leonard wrote:
> Looks like there is some discussion on mozilla.dev.security; I wanted to
> respond from more of an NSS point of view.
>
> On 8/30/2011 9:46 AM, Boris Zbarsky wrote:
>> I was looking at our CA root list, and a lot of them seem like
>> "specialist" CAs
My reading of RFC 3280/5280 and from implementation experience with NSS,
CryptoAPI, OpenSSL, and other implementations is that no, that is not
correct.
CA:TRUE with a pathlen:0 is conformant to RFCs 3280/5280. The most common
cause for this would be for a CA certifying an intermediate, but that
in
Hi,
Thanks for the replies, it's very much appreciated. It takes careful reading of
RFC 3280 if you don't want to miss the crucial distinction between
"intermediate certificate on the path" and "certificate on the path" - thanks
for the highlighting.
My conclusion from all this is that the man
3 matches
Mail list logo
