Changes

Jump to: navigation, search

CA/Required or Recommended Practices

4 bytes added, 22:40, 15 November 2011
m
Constrain Sub-CAs to Authorized Domains (DRAFT)
Notes:
* NSS already fully supports RFC 3280 name constraints. * The Name Constraints extension is a part of the PKIX profile for certificates. See RFC
5280, section 4.2.1.10, <http://www.apps.ietf.org/rfc/rfc5280.html#sec-4.2.1.10>, and section 6.1.1, <http://tools.ietf.org/html/rfc5280#section-6.1.1>. Note that
while it is part of the standard, it is not required to be implemented.
 * Reference: https://groups.google.com/group/mozilla.dev.tech.crypto/browse_thread/thread/131420ae821960df#
== Notes for future work ==
Confirm, administrator
5,526
edits

Navigation menu