On 18/10/2016 20:40, Eric Mill wrote:
The first thing that comes to mind is to define an intermediate
representation of per-root constraints, that Mozilla can distribute
alongside certdata.txt.
The simplest piece would be name constraints, but incorporating things like
CT constraints and date-ba
On Tuesday, October 18, 2016 at 11:42:17 AM UTC-7, Eric Mill wrote:
> I guess there's actually an RFC for something like this?
> https://tools.ietf.org/html/rfc5914 But I haven't looked at it in depth to
> see whether it's a good solution for this problem. I also don't think it
> requires an RFC to
The first thing that comes to mind is to define an intermediate
representation of per-root constraints, that Mozilla can distribute
alongside certdata.txt.
The simplest piece would be name constraints, but incorporating things like
CT constraints and date-based constraints would clearly be useful.
Tom,
On the topic of tooling I have a console tool, and library, that can be used to
parse and filter various certificate stores, you can find it here:
https://github.com/PeculiarVentures/tl-create
Ryan
___
dev-security-policy mailing list
dev-securit
On 18 October 2016 at 08:00, Jakob Bohm wrote:
> On 18/10/2016 14:35, Gervase Markham wrote:
>>
>> On 17/10/16 16:35, Jakob Bohm wrote:
>>>
>>> In the not so distant past, the Mozilla root program was much more
>>> useful due to different behavior:
>>>
>>> 1. Mozilla managed the root program based
5 matches
Mail list logo