On 20/12/12 11:20, Ben Laurie wrote:
On 20 December 2012 09:50, Stephen Farrell <[email protected]> wrote:
- Having a thing with basicConstraints.cA==false issue precerts
seems wrong, but that may be better discussed during IETF LC so
I'm not requesting a change now.
This was deliberate to avoid the precertificate being a valid
certificate, as requested by CAs.
Ben, doesn't the new poison critical extension requirement mean that
this Basic Constraints hack is no longer needed?
The poison critical extension means that a precert cannot be used as a
cert. Is that not invalid enough?!?
--
Rob Stradling
Senior Research & Development Scientist
COMODO - Creating Trust Online
_______________________________________________
therightkey mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/therightkey
