[Freeipa-devel] CA name constraints

Petr Spacek pspacek at redhat.com
Wed Feb 27 12:55:47 UTC 2013


Hello list,

During our last meeting with Simo, we discussed support for the name constraints
extension in CA certificates and clients.

The Name Constraints extension is defined here:
http://tools.ietf.org/html/rfc5280#section-4.2.1.10

The following article could be interesting for you if you like longer stories:
"Mozilla changes policy to limit risk of subordinate CA certificate abuse"
Author: Lucian Constantin 19.02.2013 at 21:50
http://news.idg.no/cw/art.cfm?id=8C9E7CFA-0E65-24B0-1539C891C8F4C09B

If I remember correctly, the questions were mainly about support on the client side
and about implications for older clients.

-- 
Petr^2 Spacek
