Re: and constrained subordinate CA costs?

2005-03-29 Thread Peter Gutmann
Erwann ABALEA [EMAIL PROTECTED] writes: On Fri, 25 Mar 2005, Florian Weimer wrote: * Adam Back: Does anyone have info on the cost of sub-ordinate CA cert with a name space constraint (limited to issue certs on domains which are sub-domains of a your choice... ie only valid to issue certs on

Re: and constrained subordinate CA costs?

2005-03-28 Thread Matt Crawford
On Mar 25, 2005, at 11:55, Florian Weimer wrote: Does anyone have info on the cost of sub-ordinate CA cert with a name space constraint (limited to issue certs on domains which are sub-domains of a your choice... ie only valid to issue certs on sub-domains of foo.com). Is there a technical option

Re: and constrained subordinate CA costs?

2005-03-28 Thread Adam Back
On Fri, Mar 25, 2005 at 04:02:36PM -0600, Matt Crawford wrote: There's an X.509v3 NameConstraints extension (which the higher CA would include in the lower CA's cert) but I have the impression that ends system software does not widely support it. And of course if you don't flag it

Re: and constrained subordinate CA costs?

2005-03-28 Thread Matt Crawford
On Mar 25, 2005, at 16:06, Adam Back wrote: There's an X.509v3 NameConstraints extension (which the higher CA would include in the lower CA's cert) but I have the impression that ends system software does not widely support it. And of course if you don't flag it critical, it's not very

and constrained subordinate CA costs? (Re: SSL Cert prices ($10 to $1500, you choose!))

2005-03-25 Thread Adam Back
The URL John forwarded gives survey of prices for regular certs and subdomain wildcard certs/super certs (ie *.mydomain.com all considered valid with respect to a single cert). Does anyone have info on the cost of sub-ordinate CA cert with a name space constraint (limited to issue certs on

Re: and constrained subordinate CA costs?

2005-03-25 Thread Florian Weimer
* Adam Back: Does anyone have info on the cost of sub-ordinate CA cert with a name space constraint (limited to issue certs on domains which are sub-domains of a your choice... ie only valid to issue certs on sub-domains of foo.com). Is there a technical option to enforce such a policy on