11 hours ago, a new certificate was given birth to which I would like to share with this list for edification purposes. I think that the audience here should be able to fully appreciate what marvellous real-world example we are now provided with for testing the PKIX-based path validation implementations of the world for RFC 5280 compliance ("Applications conforming to this profile MUST be able to process name constraints that are imposed on the directoryName name form and SHOULD be able to process name constraints that are imposed on the rfc822Name, uniformResourceIdentifier, dNSName, and iPAddress name forms").
Time is short, however: the certificate will expire on 1st November 2014, already. Happy testing, and let's not go astray into any policy discussions, please. Kaspar -----BEGIN CERTIFICATE----- MIIVKjCCFBKgAwIBAgIEByeWvjANBgkqhkiG9w0BAQUFADBaMQswCQYDVQQGEwJJ RTESMBAGA1UEChMJQmFsdGltb3JlMRMwEQYDVQQLEwpDeWJlclRydXN0MSIwIAYD VQQDExlCYWx0aW1vcmUgQ3liZXJUcnVzdCBSb290MB4XDTEzMTEwMTIwMzk1M1oX DTE0MTEwMTIwMzgxMVowbTELMAkGA1UEBhMCQ0gxDjAMBgNVBAoTBWFkbWluMREw DwYDVQQLEwhTZXJ2aWNlczEiMCAGA1UECxMZQ2VydGlmaWNhdGlvbiBBdXRob3Jp dGllczEXMBUGA1UEAxMOQWRtaW5DQS1DRC1UMDEwggEiMA0GCSqGSIb3DQEBAQUA A4IBDwAwggEKAoIBAQDSNCUxmaksOFX4Y1H1MChI2V4mBAHjEBckQtB/n/JIx+gU DgyaMqphdCQHowY+5ArBH1dFFI9/rW+pvxg+x2NGaClvIcFxR3m3Q3xFfrBFlSc8 xb5sIKjZWoBThcVueVzaAcppqbTB1O1sFNcSS/SJ4gd/EJ8XFepKxKvrQiQX/b/F usCBX9APnIeToh7x94BVbCLlS1oWq27guIUSHZAzLGw7LPU5y8rOQzaDzve3KITu PMyBk/5bDe2JuTYX357pl6IHftMs6ZW2+CmavCzh+IisU1cRhJYFWtRNufzVTjvJ bM6B/l8Qc/TttFXlA4LMKb32o2KaxsvoIbudPvwJAgMBAAGjghHjMIIR3zASBgNV HRMBAf8ECDAGAQH/AgEBMF8GA1UdIARYMFYwSAYJKwYBBAGxPgEAMDswOQYIKwYB BQUHAgEWLWh0dHA6Ly9jeWJlcnRydXN0Lm9tbmlyb290LmNvbS9yZXBvc2l0b3J5 LmNmbTAKBghghXQBEQMVATCCELMGA1UdHgSCEKowghCmoIIQlDAWghRuYXRpb25h bC1yZWdpc3RyeS5jaDAQgg52ZXZhLW9ubGluZS5jaDAVghNoZWx2ZXRpY2FyY2hp dmVzLmNoMA+CDWljaHNjaHdlaXouY2gwC4IJZW52aXJhLmNoMAqCCGFkbWluLmNo MAqCCGFnYXRlLmNoMA2CC2FydDc0aXZnLmNoMBGCD21vYmlsZXNwb3J0Mi5jaDAT ghFhY3Jvc3N0aGVhbHBzLm9yZzAMggpuYWJvZGF0LmNoMA2CC2NhZGFzdHJlLmNo MBCCDm1vYmlsZXNwb3J0LmNoMA6CDHN3aXNzdG9wby5jaDAKgghmaW5tYS5jaDAM ggpldGF0LWdlLmNoMA2CC2ZhYmFzb2Z0LmNoMA6CDGFncm9zY29wZS5jaDAVghNn ZWxhbi1pbmZvcm1hdGlrLmNoMAyCCm15Z2VsYW4uY2gwD4INZXNwYWNlLWV2ZC5j aDAPgg1lc3BhY2Utd2JmLmNoMBSCEnJlZ2lzdHJlLW1vbmFjby5tYzARgg9leHRy YW5ldC1ldmQuY2gwCYIHaXZiZS5jaDAHggVhZy5jaDAHggVnci5jaDALgglzY2h3 eXouY2gwB4IFc3ouY2gwB4IFemguY2gwC4IJc3BoYWlyLmNoMAuCCWVvZmNvbS5j aDAMggplLW9mY29tLmNoMAyCCmVjZW5zdXMuY2gwEYIPaG91c2luZy1zdGF0LmNo MAyCCnB1YmxpY2EuY2gwB4IFdGkuY2gwB4IFY2guY2gwCIIGc2lrLmNoMBOCEXN3 aXNzLWFyY2hpdmVzLmNoMBCCDnNwaXRhbGRhdm9zLmNoMAyCCmpvYmFyZWEuY2gw EIIOdGF4bWVvbmxpbmUuY2gwCoIIbWV0YXMuY2gwD4INc3dpc3NtZWRpYy5jaDAM ggp6ZW50cmFzLmNoMAeCBWJlLmNoMBeCFS5uYXRpb25hbC1yZWdpc3RyeS5jaDAR gg8udmV2YS1vbmxpbmUuY2gwFoIULmhlbHZldGljYXJjaGl2ZXMuY2gwEIIOLmlj aHNjaHdlaXouY2gwDIIKLmVudmlyYS5jaDALggkuYWRtaW4uY2gwC4IJLmFnYXRl LmNoMA6CDC5hcnQ3NGl2Zy5jaDASghAubW9iaWxlc3BvcnQyLmNoMBSCEi5hY3Jv c3N0aGVhbHBzLm9yZzANggsubmFib2RhdC5jaDAOggwuY2FkYXN0cmUuY2gwEYIP Lm1vYmlsZXNwb3J0LmNoMA+CDS5zd2lzc3RvcG8uY2gwC4IJLmZpbm1hLmNoMA2C Cy5ldGF0LWdlLmNoMA6CDC5mYWJhc29mdC5jaDAPgg0uYWdyb3Njb3BlLmNoMBaC FC5nZWxhbi1pbmZvcm1hdGlrLmNoMA2CCy5teWdlbGFuLmNoMBCCDi5lc3BhY2Ut ZXZkLmNoMBCCDi5lc3BhY2Utd2JmLmNoMBWCEy5yZWdpc3RyZS1tb25hY28ubWMw EoIQLmV4dHJhbmV0LWV2ZC5jaDAKggguaXZiZS5jaDAIggYuYWcuY2gwCIIGLmdy LmNoMAyCCi5zY2h3eXouY2gwCIIGLnN6LmNoMAiCBi56aC5jaDAMggouc3BoYWly LmNoMAyCCi5lb2Zjb20uY2gwDYILLmUtb2Zjb20uY2gwDYILLmVjZW5zdXMuY2gw EoIQLmhvdXNpbmctc3RhdC5jaDANggsucHVibGljYS5jaDAIggYudGkuY2gwCIIG LmNoLmNoMAmCBy5zaWsuY2gwFIISLnN3aXNzLWFyY2hpdmVzLmNoMBGCDy5zcGl0 YWxkYXZvcy5jaDANggsuam9iYXJlYS5jaDARgg8udGF4bWVvbmxpbmUuY2gwC4IJ Lm1ldGFzLmNoMBCCDi5zd2lzc21lZGljLmNoMA2CCy56ZW50cmFzLmNoMAiCBi5i ZS5jaDAhpB8wHTELMAkGA1UEBhMCQ0gxDjAMBgNVBAoTBWFkbWluMEWkQzBBMQsw CQYDVQQGEwJDSDENMAsGA1UEBxMEQmVybjEjMCEGA1UECgwaQkFGVSBCdW5kZXNh bXQgZsO8ciBVbXdlbHQwSKRGMEQxCzAJBgNVBAYTAkNIMQ0wCwYDVQQHEwRCZXJu MSYwJAYDVQQKEx1CaWJsaW90aGVxdWUgbmF0aW9uYWxlIHN1aXNzZTBapFgwVjEL MAkGA1UEBhMCQ0gxDTALBgNVBAcTBEJlcm4xODA2BgNVBAoML0J1bmRlc2FtdCBm w7xyIEluZm9ybWF0aWsgdW5kIFRlbGVrb21tdW5pa2F0aW9uMESkQjBAMQswCQYD VQQGEwJDSDENMAsGA1UEBxMEQmVybjEiMCAGA1UECgwZQnVuZGVzYW10IGbDvHIg R2VzdW5kaGVpdDBIpEYwRDELMAkGA1UEBhMCQ0gxDTALBgNVBAcTBEJlcm4xJjAk BgNVBAoMHUJ1bmRlc2FtdCBmw7xyIExhbmR3aXJ0c2NoYWZ0MEykSjBIMQswCQYD VQQGEwJDSDENMAsGA1UEBxMEQmVybjEqMCgGA1UECgwhQnVuZGVzYW10IGbDvHIg U296aWFsdmVyc2ljaGVydW5nMEukSTBHMQswCQYDVQQGEwJDSDETMBEGA1UEBxMK TWFnZ2xpbmdlbjEjMCEGA1UECgwaQnVuZGVzYW10IGbDvHIgU3BvcnQgQkFTUE8w RaRDMEExCzAJBgNVBAYTAkNIMRAwDgYDVQQHEwdJdHRpZ2VuMSAwHgYDVQQKDBdC dW5kZXNhbXQgZsO8ciBTdHJhc3NlbjBDpEEwPzELMAkGA1UEBhMCQ0gxEDAOBgNV BAcTB0l0dGlnZW4xHjAcBgNVBAoMFUJ1bmRlc2FtdCBmw7xyIFVtd2VsdDBUpFIw UDELMAkGA1UEBhMCQ0gxDTALBgNVBAcTBEJlcm4xMjAwBgNVBAoMKUVpZGdlbsO2 c3Npc2NoZSBGaW5hbnptYXJrdGF1ZnNpY2h0IEZJTk1BMEGkPzA9MQswCQYDVQQG EwJDSDEUMBIGA1UEBxMLTGVzIEFjYWNpYXMxGDAWBgNVBAoMD0V0YXQgZGUgR2Vu w6h2ZTA2pDQwMjELMAkGA1UEBhMCQVQxDTALBgNVBAcTBExpbnoxFDASBgNVBAoT C0ZhYmFzb2Z0IEFHMF+kXTBbMQswCQYDVQQGEwJDSDEQMA4GA1UEBxMHUG9zaWV1 eDE6MDgGA1UEChMxRm9yc2NodW5nc2Fuc3RhbHQgQWdyb3Njb3BlIExpZWJlZmVs ZC1Qb3NpZXV4IEFMUDBBpD8wPTELMAkGA1UEBhMCQ0gxEzARBgNVBAcTClpvbGxp a29mZW4xGTAXBgNVBAoTEEdFTEFOIEluZm9ybWF0aWswWKRWMFQxCzAJBgNVBAYT AkNIMQ0wCwYDVQQHEwRCZXJuMTYwNAYDVQQKEy1HZW5lcmFsc2VrcmV0YXJpYXQg V0JGL0luZm9ybWF0aWsgRGVwYXJ0ZW1lbnQwbqRsMGoxCzAJBgNVBAYTAk1DMQ8w DQYDVQQHEwZNb25hY28xSjBIBgNVBAoTQUdvdXZlcm5lbWVudCBkZSBNb25hY28t RGlyZWN0aW9uIGRlcyBDb21tdW5pY2F0aW9ucyBFbGVjdHJvbmlxdWVzMDGkLzAt MQswCQYDVQQGEwJDSDENMAsGA1UEBxMEQmVybjEPMA0GA1UEChMGR1MtRVZEMDmk NzA1MQswCQYDVQQGEwJDSDENMAsGA1UEBxMEQmVybjEXMBUGA1UEChMOSVYtU3Rl bGxlIEJlcm4wOaQ3MDUxCzAJBgNVBAYTAkNIMQ4wDAYDVQQHEwVBYXJhdTEWMBQG A1UEChMNS2FudG9uIEFhcmdhdTA9pDswOTELMAkGA1UEBhMCQ0gxDTALBgNVBAcT BENodXIxGzAZBgNVBAoMEkthbnRvbiBHcmF1YsO8bmRlbjA6pDgwNjELMAkGA1UE BhMCQ0gxDzANBgNVBAcTBlNjaHd5ejEWMBQGA1UEChMNS2FudG9uIFNjaHd5ejBK pEgwRjELMAkGA1UEBhMCQ0gxEDAOBgNVBAcMB1rDvHJpY2gxJTAjBgNVBAoMHEth bnRvbmFsZSBWZXJ3YWx0dW5nIFrDvHJpY2gwNKQyMDAxCzAJBgNVBAYTAkNIMQ0w CwYDVQQHEwRCZXJuMRIwEAYDVQQKEwlMdWZ0d2FmZmUwXKRaMFgxCzAJBgNVBAYT AkNIMRQwEgYDVQQHEwtCaWVsL0JpZW5uZTEzMDEGA1UECgwqT2ZmaWNlIGbDqWTD qXJhbCBkZSBsYSBjb21tdW5pY2F0aW9uIE9GQ09NMFOkUTBPMQswCQYDVQQGEwJD SDETMBEGA1UEBwwKTmV1Y2jDonRlbDErMCkGA1UECgwiT2ZmaWNlIGbDqWTDqXJh bCBkZSBsYSBzdGF0aXN0aXF1ZTBLpEkwRzELMAkGA1UEBhMCQ0gxDTALBgNVBAcT BEJlcm4xKTAnBgNVBAoTIFBlbnNpb25za2Fzc2UgZGVzIEJ1bmRlcyBQVUJMSUNB MEykSjBIMQswCQYDVQQGEwJDSDETMBEGA1UEBxMKQmVsbGluem9uYTEkMCIGA1UE ChMbUmVwdWJibGljYSBlIENhbnRvbmUgVGljaW5vMEekRTBDMQswCQYDVQQGEwJD SDENMAsGA1UEBxMEQmVybjElMCMGA1UEChMcU2Nod2VpemVyaXNjaGUgQnVuZGVz a2FuemxlaTBNpEswSTELMAkGA1UEBhMCQ0gxDTALBgNVBAcTBEJlcm4xKzApBgNV BAoTIlNjaHdlaXplcmlzY2hlIEluZm9ybWF0aWtrb25mZXJlbnowR6RFMEMxCzAJ BgNVBAYTAkNIMQ0wCwYDVQQHEwRCZXJuMSUwIwYDVQQKExxTY2h3ZWl6ZXJpc2No ZXMgQnVuZGVzYXJjaGl2MEGkPzA9MQswCQYDVQQGEwJDSDEUMBIGA1UEBxMLRGF2 b3MgUGxhdHoxGDAWBgNVBAoTD1NwaXRhbCBEYXZvcyBBRzBMpEowSDELMAkGA1UE BhMCQ0gxDTALBgNVBAcTBEJlcm4xKjAoBgNVBAoMIVN0YWF0c3Nla3JldGFyaWF0 IGbDvHIgV2lydHNjaGFmdDBMpEowSDELMAkGA1UEBhMCQ0gxDTALBgNVBAcTBEJl cm4xKjAoBgNVBAoTIVN0ZXVlcnZlcndhbHR1bmcgZGVzIEthbnRvbnMgQmVybjBO pEwwSjELMAkGA1UEBhMCQ0gxDzANBgNVBAcTBldhYmVybjEqMCgGA1UEChMhU3dp c3MgRmVkZXJhbCBPZmZpY2Ugb2YgTWV0cm9sb2d5MDWkMzAxMQswCQYDVQQGEwJD SDENMAsGA1UEBxMEQmVybjETMBEGA1UEChMKU3dpc3NtZWRpYzA6pDgwNjELMAkG A1UEBhMCQ0gxFTATBgNVBAcMDEVtbWVuYnLDvGNrZTEQMA4GA1UEChMHemVudHJh czBmpGQwYjELMAkGA1UEBhMCQ0gxDTALBgNVBAcTBEJlcm4xRDBCBgNVBAoMO0Rl cGFydGVtZW50IGbDvHIgVmVydGVpZGlndW5nIEJldsO2bGtlcnVuZ3NzY2h1dHog dW5kIFNwb3J0oQwwCocIAAAAAAAAAAAwDgYDVR0PAQH/BAQDAgEGMB0GA1UdJQQW MBQGCCsGAQUFBwMBBggrBgEFBQcDAjAfBgNVHSMEGDAWgBTlnVkwgkdYzKz6CFQ2 hns6tQRN8DBCBgNVHR8EOzA5MDegNaAzhjFodHRwOi8vY2RwMS5wdWJsaWMtdHJ1 c3QuY29tL0NSTC9PbW5pcm9vdDIwMjUuY3JsMB0GA1UdDgQWBBQqxGkKocZVxgNu cM6GgbOkD6oZ2zANBgkqhkiG9w0BAQUFAAOCAQEAOtYqqZMEofe1V9AQX2A4BVN6 2Re3wLWY293JacyU80S4J32dKaf03CDghTze1uIGUP0i7VVQjiD0B0IqAm5gymok VGwA/UwQ21oZM7eyX+u6yCf1uS1iIEJavaI7cc48B3/KjRHxBD000ZPeIh8++gSN ZasaFrrcbUAeEwLxc7LOFdR/Pv6FgL2ptnrXuga1UxJMpG3ybudmJwSudX07KGT9 8Yaqw9aIOLwaUvCtIUB+5orZBIIWy1zfq+lX1o6bHnx3nY2Tk/s991z/ufg7GQN8 iHyunfkp5eAFTJ8+FtpEUcWKKB1mEQBxk65af8XpScn2miiFZbPXYWg6f8bbMA== -----END CERTIFICATE----- -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto