[caops-wg] Re: ca signing policy file
Mike Helm
helm at fionn.es.net
Mon Oct 10 10:30:22 CDT 2005
David Chadwick writes:
> > AIA extensions that jump around missing links in the trust chain
> Its actually worse than that. Microsoft will actually trust and validate
> certificates that have names that do not conform to the name constraints
> Somewhere I have read a justification / method for
> > this but have lost track.
>
> I am still to find a justification for this :-)
I thought I had read something to the effect of it being used to
help set up the path discovery, not suborn name constraints,
but I admit I cannot find the reference. Maybe it's it in MSDN
somewhere.
More information about the caops-wg
mailing list