On 12 September 2012 15:37, Phillip Hallam-Baker <[email protected]> wrote: > On Wed, Sep 12, 2012 at 10:34 AM, Ben Laurie <[email protected]> wrote: >> >> On 12 September 2012 15:33, Phillip Hallam-Baker <[email protected]> wrote: >> > Issuing a cert on a public root for the purpose of enabling transparent >> > intercept of SSL on a Bluecoat like device. >> >> OK. So how would one tell what the purpose was? >> >> For example: http://cdp.disney.com/ > > > I don't think you can and I don't think you need to. > > Transparency is pretty robust. If people have a good explanation for the > reason they are doing something then it isn't an intercept cert. If they > don't have an explanation then it is a problem even if the specific problem > isn't intercept.
I'd say name constraints were the right mechanism, not a plausible explanation :-) _______________________________________________ therightkey mailing list [email protected] https://www.ietf.org/mailman/listinfo/therightkey
