Hi,
Thanks for the replies, it's very much appreciated. It takes careful reading of
RFC 3280 if you don't want to miss the crucial distinction between
intermediate certificate on the path and certificate on the path - thanks
for the highlighting.
My conclusion from all this is that the many
My reading of RFC 3280/5280 and from implementation experience with NSS,
CryptoAPI, OpenSSL, and other implementations is that no, that is not
correct.
CA:TRUE with a pathlen:0 is conformant to RFCs 3280/5280. The most common
cause for this would be for a CA certifying an intermediate, but that
On 2011/09/01 06:12 PDT, Sean Leonard wrote:
Looks like there is some discussion on mozilla.dev.security; I wanted to
respond from more of an NSS point of view.
On 8/30/2011 9:46 AM, Boris Zbarsky wrote:
I was looking at our CA root list, and a lot of them seem like
specialist CAs that
3 matches
Mail list logo
