Name Constraints, was Re: [caops-wg] Re: ca signing policy file

Mike Helm helm at fionn.es.net
Mon Oct 10 11:53:25 CDT 2005


David Chadwick writes:
> Can anyone give me evidence of support or non-support of commercial CAs 
> for the name constraints extension?

Well, in the recent past, no commercial client software supported 
name constraints, so whether commercial CAs supported them or not
was a moot point.  Well, worse than that, since it's a critical
extension.  Your CA would be useless.

openssl doesn't support it, so that makes use of name constraints
in the web &c world pretty much impossible.  I am not sure whether
recent Windows products can; it would make sense that they do,
because of cross-signing support, but I don't know.




