>>> >>> <snip> >>> How would that work? Name constraints only constrain subordinate certs... >> >> All CA certs are subordinate to trust anchors. > > Surely not? Surely many of them are trust anchors?
OK, but the name constraints asserted in a TA as passed in validation would still be enforced. <snip>
_______________________________________________ Trans mailing list [email protected] https://www.ietf.org/mailman/listinfo/trans
