On Sun, 2010-10-03 at 22:50 -0400, Matt McCutchen wrote: > Another approach is to have name-constrained intermediate certificates > include a critical extension that means "name constraints must be > applied to the CN-ID". EE certificates under such an intermediate > certificate will only be accepted by clients that properly enforce the > name constraints. An organization could use a name-constrained > intermediate certificate for servers that don't need to support legacy > clients and get a certificate directly from a public CA for servers that > do. I previously proposed this here:
Sorry. https://bugzilla.mozilla.org/show_bug.cgi?id=554442 -- Matt _______________________________________________ certid mailing list [email protected] https://www.ietf.org/mailman/listinfo/certid
