Hello list,

during our last meeting with Simo we discussed support for name constraint extension in CA certificates and clients.

The Name Constraints Extensions is defined here:

Following article could be interesting for you if you like longer stories:
"Mozilla changes policy to limit risk of subordinate CA certificate abuse"
Author: Lucian Constantin 19.02.2013 kl 21:50

If I remember correctly, questions were mainly about support on client side and about implications for older clients.

Petr^2 Spacek

Freeipa-devel mailing list

Reply via email to