On Fri, Nov 4, 2016 at 3:42 PM, Hanno Böck <[email protected]> wrote:
>
> Isn't that already solved?
>
> Browsers already treat manually installed roots differently, e.g.
> bypassing key pinning. Chrome's CT requirements don't apply to locally
> installed roots.
>

How about public technically constrained sub CAs?

> (By the way I always found the "secret server name" idea wrong and I
> would generally recommend against local CAs in almost all cases. It
> adds a lot of complexity and I assume it often creates more problems
> than it solves.)
>

Agree

Martin
_______________________________________________
dev-security-policy mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-security-policy

