Name Constraints, was Re: [caops-wg] Re: ca signing policy file
David Chadwick
d.w.chadwick at kent.ac.uk
Mon Oct 10 13:52:22 CDT 2005
Mike
I am informed by MS that they support name constraints, but I don't know
which products, OS versions, etc.
thanks
David
Mike Helm wrote:
> David Chadwick writes:
>
>>Can anyone give me evidence of support or non-support of commercial CAs
>>for the name constraints extension?
>
>
> Well, in the recent past, no commercial client software supported
> name constraints, so whether commercial CAs supported them or not
> was a moot point. Well worse than that, since it's a critical
> extension. Your CA would be useless.
>
> openssl doesn't support it, so that makes use of name constraints
> in the web &c world pretty much impossible. I am not sure whether
> recent Windows products can; it would make sense that they do,
> because of cross-signing support, but I don't know.
>
--
*****************************************************************
David W. Chadwick, BSc PhD
Professor of Information Systems Security
The Computing Laboratory, University of Kent, Canterbury, CT2 7NF
Tel: +44 1227 82 3221
Fax +44 1227 762 811
Mobile: +44 77 96 44 7184
Email: D.W.Chadwick at kent.ac.uk
Home Page: http://www.cs.kent.ac.uk/people/staff/dwc8/index.html
Research Web site: http://sec.cs.kent.ac.uk
Entrust key validation string: MLJ9-DU5T-HV8J
PGP Key ID is 0xBC238DE5
*****************************************************************