* Richard Barnes:

> I've been doing some research on the potential benefits of adding name
> constraints into the Mozilla root program. I've drafted an initial
> proposal and put it on a wiki page:
>
> https://wiki.mozilla.org/CA:NameConstraints
>
> Questions and comments are very welcome.

A PKIX-compliant implementation of Name Constraints is not effective in
the browser PKI because these constraints are not applied to the Common
Name. NSS used to be non-compliant (and deliberately so), so the
constraints do work there, but I don't know if that's still the case.

_______________________________________________
dev-security-policy mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-security-policy
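
The gap described in this message, as an added example that is not part of the original post: a PKIX-style check applies permitted dNSName subtrees only to subjectAltName entries, so a hostname carried in the Common Name goes unconstrained. The `Cert` class, the sample certificates and the stricter CN-aware policy are constructed assumptions for illustration, not NSS's code.

```python
import re
from dataclasses import dataclass, field

HOSTNAME = re.compile(r"^(\*\.)?([a-z0-9-]+\.)+[a-z0-9-]+$", re.I)

@dataclass
class Cert:
    """Constructed stand-in for the name fields of a leaf certificate."""
    common_name: str = ""
    san_dns: list = field(default_factory=list)

def in_subtree(name: str, base: str) -> bool:
    """RFC 5280 dNSName rule: base itself, or base with labels added on the left."""
    name, base = name.lower().rstrip("."), base.lower().rstrip(".")
    return name == base or name.endswith("." + base)

def permitted(names, subtrees) -> bool:
    """Every name must fall inside at least one permitted subtree."""
    return all(any(in_subtree(n, b) for b in subtrees) for n in names)

def pkix_check(cert: Cert, subtrees) -> bool:
    """PKIX behaviour: dNSName constraints see only SAN dNSName entries."""
    return permitted(cert.san_dns, subtrees)

def strict_check(cert: Cert, subtrees) -> bool:
    """Assumed stricter policy: a hostname-shaped CN is constrained as well."""
    names = list(cert.san_dns)
    if HOSTNAME.match(cert.common_name):
        names.append(cert.common_name)
    return permitted(names, subtrees)

def audit(certs, subtrees):
    """CNs of certificates that pass PKIX checking but fail the strict check."""
    return [c.common_name for c in certs
            if pkix_check(c, subtrees) and not strict_check(c, subtrees)]

PERMITTED = ["example.com"]  # constructed permitted subtree of the issuing CA
SAMPLE = [                   # constructed leaf certificates
    Cert("www.example.com", ["www.example.com"]),           # inside on both fields
    Cert("cn-only.other.test", []),                         # no SAN: nothing for PKIX to test
    Cert("mixed.other.test", ["www.example.com"]),          # SAN inside, CN outside
    Cert("Example Corp Mail Gateway", ["mail.example.com"]),  # CN is not a hostname
    Cert("www.other.test", ["www.other.test"]),             # rejected by PKIX already
]

if __name__ == "__main__":
    print(audit(SAMPLE, PERMITTED))
```
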

