On 04/08/14 18:44, Jesper Kristensen wrote: > I agree that it would not be relevant for the traditional intermediate > CA certificates in the near future for this reason. I was thinking of > name constrained sub-CAs, which on some aspects are more similar to EE > certs than CA certs.
OK. Let's assume for a moment that there is someone out there who wants to do this. Can anyone think of a reason why allowing short-lived intermediates is more risky than allowing short-lived EE certs? Gerv _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy