Changes

CA/Required or Recommended Practices

4 bytes added, 22:40, 15 November 2011

m

→‎Constrain Sub-CAs to Authorized Domains (DRAFT)

Notes:

* NSS already fully supports RFC 3280 name constraints. * The Name Constraints extension is a part of the PKIX profile for certificates. See RFC

5280, section 4.2.1.10, <http://www.apps.ietf.org/rfc/rfc5280.html#sec-4.2.1.10>, and section 6.1.1, <http://tools.ietf.org/html/rfc5280#section-6.1.1>. Note that

while it is part of the standard, it is not required to be implemented.

* Reference: https://groups.google.com/group/mozilla.dev.tech.crypto/browse_thread/thread/131420ae821960df#

== Notes for future work ==

Kathleen Wilson

Confirm, administrator

5,526

edits

Changes

CA/Required or Recommended Practices

Navigation menu

Personal tools

Namespaces

Variants

Views

More

Search

Navigation

How to Contribute

MozillaWiki

Around Mozilla

Tools