On Fri, Jan 18, 2019 at 10:34 AM Jakob Bohm via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
>
> How does this match the policy that a name constrained intermediate (1st
> intermediate) can be placed in the control of an organization that has
> been validated as controlling
On 14/01/2019 22:54, Wayne Thayer wrote:
On Mon, Jan 14, 2019 at 9:57 AM Ryan Sleevi via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
On Mon, Jan 14, 2019 at 11:10 AM tadahiko.ito.public--- via
dev-security-policy wrote:
Hi
I have question for following case of
Thanks Sleevi
Thanks to provide us an example of (another intermediate).
Technical and name constraints seems much clear for me now.
2019年1月15日火曜日 1時56分58秒 UTC+9 Ryan Sleevi:
> On Mon, Jan 14, 2019 at 11:10 AM tadahiko.ito.public--- via
> dev-security-policy wrote:
>
> > Hi
> >
> > I have
Thanks Wayne
Thanks to break up requirements of not having name-constraints for 1st and 2nd
intermediate.
If we would not able to use name-constraints for some technical reason, we
might think about that idea.
Although, I believe our company do not have such a requirement at least now.
On Mon, Jan 14, 2019 at 9:57 AM Ryan Sleevi via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
> On Mon, Jan 14, 2019 at 11:10 AM tadahiko.ito.public--- via
> dev-security-policy wrote:
>
> > Hi
> >
> > I have question for following case of certificate chain.
> > (root
On Mon, Jan 14, 2019 at 11:10 AM tadahiko.ito.public--- via
dev-security-policy wrote:
> Hi
>
> I have question for following case of certificate chain.
> (root cert)--(1st intermediate cert)--(2nd intermediate cert)--(EE cert)
> In addition, "1st intermediate cert" is for technically
Hi
I have question for following case of certificate chain.
(root cert)--(1st intermediate cert)--(2nd intermediate cert)--(EE cert)
In addition, "1st intermediate cert" is for technically constrained with name
constraints (including server-auth EKU).
I believe we Must put EKU
7 matches
Mail list logo