Perhaps we need both a BOF and a Bar BOF on this.
On Wed, Sep 12, 2012 at 10:39 AM, Phillip Hallam-Baker <[email protected]>wrote: > > > On Wed, Sep 12, 2012 at 10:38 AM, Ben Laurie <[email protected]> wrote: > >> On 12 September 2012 15:37, Phillip Hallam-Baker <[email protected]> >> wrote: >> > On Wed, Sep 12, 2012 at 10:34 AM, Ben Laurie <[email protected]> wrote: >> >> >> >> On 12 September 2012 15:33, Phillip Hallam-Baker <[email protected]> >> wrote: >> >> > Issuing a cert on a public root for the purpose of enabling >> transparent >> >> > intercept of SSL on a Bluecoat like device. >> >> >> >> OK. So how would one tell what the purpose was? >> >> >> >> For example: http://cdp.disney.com/ >> > >> > >> > I don't think you can and I don't think you need to. >> > >> > Transparency is pretty robust. If people have a good explanation for the >> > reason they are doing something then it isn't an intercept cert. If they >> > don't have an explanation then it is a problem even if the specific >> problem >> > isn't intercept. >> >> I'd say name constraints were the right mechanism, not a plausible >> explanation :-) >> > > Which is what got me thinking about doing it there first, we want to do NC > there so it makes sense to start there. > > > -- > Website: http://hallambaker.com/ > > -- Website: http://hallambaker.com/
_______________________________________________ therightkey mailing list [email protected] https://www.ietf.org/mailman/listinfo/therightkey
