On 20 December 2012 11:28, Rob Stradling <[email protected]> wrote: > On 20/12/12 11:20, Ben Laurie wrote: >> >> On 20 December 2012 09:50, Stephen Farrell <[email protected]> >> wrote: >>> >>> - Having a thing with basicConstraints.cA==false issue precerts >>> seems wrong, but that may be better discussed during IETF LC so >>> I'm not requesting a change now. >> >> >> This was deliberate to avoid the precertificate being a valid >> certificate, as requested by CAs. > > > Ben, doesn't the new poison critical extension requirement mean that this > Basic Constraints hack is no longer needed? > > The poison critical extension means that a precert cannot be used as a cert. > Is that not invalid enough?!?
Probably. _______________________________________________ therightkey mailing list [email protected] https://www.ietf.org/mailman/listinfo/therightkey
