Name Constraints, was Re: [caops-wg] Re: ca signing policy file
Cowles, Robert D.
rdc at slac.stanford.edu
Tue Oct 11 13:46:22 CDT 2005
> -----Original Message-----
> From: owner-caops-wg at ggf.org [mailto:owner-caops-wg at ggf.org]
> On Behalf Of Mike Helm
...
> It doesn't make sense
> to me that the commercial SSL server cert providers would
> use name constraints, because of their naming strategies.
> But they might use them if they operate a subordinate CA for
> some defined party (like a regional government, or
> large company).
When we use Verisign we had a deal that we had a certificate
that could be used to sign so many certs locally. I don't know
if we have the same kind of deal with Thawte, but I'll check.
In any case, that seems like exactly the case where a commercial
provider would want to use name constraints ... is that what you
meant in the later part of the sentence above?
Bob Cowles
More information about the caops-wg
mailing list