Hi,
Thanks for the replies, it's very much appreciated. It takes careful reading of
RFC 3280 if you don't want to miss the crucial distinction between
intermediate certificate on the path and certificate on the path - thanks
for the highlighting.
My conclusion from all this is that the many
Subject: Re: Question about pathlen extension checked
Hi,
Thanks for the replies, it's very much appreciated. It takes careful
reading of RFC 3280 if you don't want to miss the crucial distinction
between intermediate certificate on the path and certificate on the
path - thanks
On 09/18/2011 03:15 AM, Ralph Holz (TUM) wrote:
Hi,
does NSS check the pathlength extension in an issuing certificate?
yes.
I am particularly wondering if pathlen:0 is honoured.
According to the spec, which means no limit. NSS limits the size of the
total chain to prevent loop attacks, so
On 09/18/2011 03:15 AM, Ralph Holz (TUM) wrote:
Hi,
does NSS check the pathlength extension in an issuing certificate?
yes.
I am particularly wondering if pathlen:0 is honoured.
According to the spec, which means no limit. NSS limits the size of the
total chain to prevent loop
On 09/19/2011 08:34 PM, From Robert Relyea:
If you really want pathlen of '0', then just set the isCA bit to FALSE;).
Well wellNSS (or PSM) doesn't even accept an end user certificate
with CA=TRUE as we found out recently. And that's very good IMO.
--
Regards
Signer: Eddy Nigg,
On 2011/09/18 03:15 PDT, Ralph Holz (TUM) wrote:
does NSS check the pathlength extension in an issuing certificate? I am
particularly wondering if pathlen:0 is honoured.
Yes and Yes.
NSS 3.12 claims compliance with RFC 3280.
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
Hi,
does NSS check the pathlength extension in an issuing certificate? I am
particularly wondering if pathlen:0 is honoured.
Thanks,
Ralph
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
-mozdevtechcrypto=sleevi@lists.mozilla.org] On Behalf
Of Ralph Holz (TUM)
Sent: Sunday, September 18, 2011 6:15 AM
To: mozilla-dev-tech-cry...@lists.mozilla.org
Subject: Question about pathlen extension checked
Hi,
does NSS check the pathlength extension in an issuing certificate? I am
8 matches
Mail list logo