On 10/17/2011 05:21 PM, Chris Palmer wrote:
Your average sys admin is more comfortable telling Apache to send a
particular header with particular text than wrangling openssl(1) to
add various extensions to a certificate.
My understanding is that most people just generate their certs directly
using their CA's web interface and download the result.
On one hand this would suggest that admins will be ill-prepared to set
custom x509 extensions. On the other, we may find that CAs are quite
receptive to new features which support pinning customers to
themselves.
- Marsh
_______________________________________________
websec mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/websec
