ch will need a lot more thought I guess.
Regards,
Balint Balogh
___
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
umbersome and error-prone in the long run since one must
keep track of root CAs included in client products, update certifications and
root CA invalidations accordingly and roll them out to users.
A simple static policy would be a lot easier to setup, maintain and check for
correctness.
Regard
ng any information would remove the need
for a root CA which, and only which, is explicitely authorized locally at the
client to sign certificates (or TXT records, whatever) for a specific domain.
Regards,
Balint Balogh
___
dev-tech-crypto mailing list
de
wed to sign certificates matching certain criteria (e.g. those that belong
to a specific domain).
I would really like to hear others' opinion about this issue.
Regards,
Balint Balogh
___
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
a way around this problem, without disabling or removing all other
certificates? Certificates signed by other, widely recognized CAs, whose
certificates are included by default in Mozilla products should still be
considered valid except for *.example.com domains.
Thanks for any help.
Balint
5 matches
Mail list logo
