Hi folks,

The "IncludedCACertificateReportPEMCSV" <https://ccadb-public.secure.force.com/mozilla/IncludedCACertificateReportPEMCSV> report available from CCADB contains a column labelled "Mozilla Applied Constraints".

Presently the only row with a value in that column is the CA certificate with common name "TUBITAK Kamu SM SSL Kok Sertifikasi - Surum 1" (fingerprint: 46EDC3689046D53A453FB3104AB80DCAEC658B2660EA1629DD7E867990648716), which has the Mozilla Applied Constraints column value of "*.tr".

I'm interested in creating automation that can build a set of trust anchors from the CSV content that would include imposed name constraints, but would appreciate input on my assumptions about the format of this column:

* Is it fair to assume this field will only express a single value? If multiple values are possible, would they be a JSON encoded array or use some other delimiter?
* Is it fair to assume a value like "*.tr" is intended to convey an RFC 5280 name constraint extension carrying a permitted subtree with a base dNSName GeneralName with the value ".tr", and that future updates would follow the same pattern (e.g. using a wildcard character)?
* If the above interpretation is correct, is there a potential that excluded subtrees would be expressed somehow in the future? Would that be a new column, or somehow encoded into the value of the existing column?

Thanks!
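
The interpretation asked about above, sketched as an added example that is not part of the original message and is not CCADB or Mozilla code. It assumes a single "*.<domain>" value per row and a leading-period base that requires at least one label to its left; every column header other than "Mozilla Applied Constraints" and the second CSV row are constructed.

```python
import csv
import io

# Constructed sample in the shape of the report. Only the "Mozilla Applied
# Constraints" header and the TUBITAK values come from the message; the other
# header names and the second row are assumptions.
SAMPLE_CSV = '''"Common Name or Certificate Name","SHA-256 Fingerprint","Mozilla Applied Constraints"
"TUBITAK Kamu SM SSL Kok Sertifikasi - Surum 1","46EDC3689046D53A453FB3104AB80DCAEC658B2660EA1629DD7E867990648716","*.tr"
"Example Unconstrained Root (constructed)","00AA",""
'''

def parse_constraint(value):
    """Map the column value to a permitted dNSName base, or None if empty.

    Assumes one "*.<domain>" value. Anything else raises, so an unknown
    format (a delimiter, a JSON array) is never treated as unconstrained.
    """
    value = value.strip()
    if not value:
        return None
    domain = value[2:]
    if (not value.startswith("*.") or not domain
            or any(c in domain for c in '*,;| []"')):
        raise ValueError(f"unrecognised constraint format: {value!r}")
    return "." + domain.lower()  # "*.tr" -> ".tr"

def load_anchors(text):
    """Return {fingerprint: permitted base or None} for each CSV row."""
    anchors = {}
    for row in csv.DictReader(io.StringIO(text)):
        fingerprint = row["SHA-256 Fingerprint"].upper()
        anchors[fingerprint] = parse_constraint(row["Mozilla Applied Constraints"])
    return anchors

def name_permitted(dns_name, base):
    """True if dns_name falls inside the anchor's permitted subtree."""
    if base is None:
        return True  # no constraint imposed on this anchor
    name = dns_name.lower().rstrip(".")
    # Leading-period base: at least one label must precede the suffix.
    return name.endswith(base) and len(name) > len(base)
```

Failing closed in `parse_constraint` means a future change to the column format stops the build instead of silently producing an unconstrained trust anchor.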
