Hello list,

during our last meeting with Simo we discussed support for name constraint extension in CA certificates and clients.


The Name Constraints Extensions is defined here:
http://tools.ietf.org/html/rfc5280#section-4.2.1.10

Following article could be interesting for you if you like longer stories:
"Mozilla changes policy to limit risk of subordinate CA certificate abuse"
Author: Lucian Constantin 19.02.2013 kl 21:50
http://news.idg.no/cw/art.cfm?id=8C9E7CFA-0E65-24B0-1539C891C8F4C09B

If I remember correctly, questions were mainly about support on client side and about implications for older clients.

--
Petr^2 Spacek

_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

Reply via email to