Brian Smith wrote:
3. libpkix can enforce certificate policies (e.g. requiring EV policy
OIDs). Can the non-libpkix validation?

EV policies have been defined in a way that means they could be supported by code that handles an extremely tiny part of all that's possible with RFC 5280 certificate policies.

They could even not be supported at all by NSS, and instead be handled by a short bit of code inside PSM that inspects the certificate chain and extracts the value of the OIDs. Given that the code above NSS needs anyway to have a list of EV OIDs/CA name hard-coded (*if* I'm correct, I might be wrong on that one), it wouldn't change things that much actually.
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
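
The kind of chain inspection described in the message above, as an added example that is not part of the original post and is not NSS or PSM code: it pulls the policy OIDs out of each certificate's DER-encoded certificatePolicies value and compares them with a hard-coded root-to-EV-OID table. Assumptions of the example: the root name and sample bytes are constructed, intermediates are accepted if they assert the EV OID or anyPolicy, and policy mappings and constraints from RFC 5280 are not processed.

```python
# Added example, not NSS or PSM code; the root name and DER values are constructed.
ANY_POLICY = "2.5.29.32.0"
EV_TABLE = {"CN=Example EV Root": "2.23.140.1.1"}  # hypothetical root -> EV OID
EV_EXT = bytes.fromhex("300930070605 67810c0101")    # asserts 2.23.140.1.1
ANY_EXT = bytes.fromhex("300830060604 551d2000")     # asserts anyPolicy
DV_EXT = bytes.fromhex("300a30080606 67810c010201")  # asserts 2.23.140.1.2.1

def read_tlv(buf, pos):  # returns (tag, value, next_pos) for the DER TLV at pos
    if pos + 2 > len(buf) or buf[pos + 1] == 0x80:
        raise ValueError("truncated header or indefinite length")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits count the length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER value")
    return tag, buf[pos:pos + length], pos + length

def decode_oid(body):  # OID content bytes (base-128 arcs) -> dotted string
    arcs, value = [], 0
    for b in body:
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(value)
            value = 0
    if not arcs or body[-1] & 0x80:
        raise ValueError("malformed OID")
    head = divmod(arcs[0], 40) if arcs[0] < 80 else (2, arcs[0] - 80)
    return ".".join(map(str, [*head, *arcs[1:]]))

def policy_oids(ext_value):  # OIDs in a DER CertificatePolicies value
    tag, seq, end = read_tlv(ext_value, 0)
    if tag != 0x30 or end != len(ext_value):
        raise ValueError("not a CertificatePolicies SEQUENCE")
    oids, pos = [], 0
    while pos < len(seq):
        tag, info, pos = read_tlv(seq, pos)
        oid_tag, oid, _ = read_tlv(info, 0)  # policyQualifiers, if any, are skipped
        if tag != 0x30 or oid_tag != 0x06:
            raise ValueError("malformed PolicyInformation")
        oids.append(decode_oid(oid))
    return oids

def chain_is_ev(root_name, chain_exts):  # exts: end-entity first, None if absent
    ev_oid = EV_TABLE.get(root_name)
    if ev_oid is None or not chain_exts or None in chain_exts:
        return False
    leaf, *inters = map(policy_oids, chain_exts)
    return ev_oid in leaf and all(ev_oid in p or ANY_POLICY in p for p in inters)
```

The caller is expected to have already built and verified the chain; this check only decides whether a valid chain also qualifies as EV.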
