> Le 18 août 2017 à 15:18, Mark H. Wood <mw...@iupui.edu> a écrit : > > On Thu, Aug 17, 2017 at 03:29:56PM +0000, Erwann Abalea via openssl-users > wrote: >> The BR are for public CAs, not private CAs; even if some of those >> requirements are considered « good practice » (the 64 bits out of a CSPRNG >> is such a req), they cannot be forced on private CAs. >> And unless some or all of the browsers also apply these requirements to >> private CAs, you’re not forced to follow them all. > > How does one mechanically distinguish public vs. private CAs?
OS/Browser-granted or user-granted. Each browser does it differently. -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users