Name Constraints, was Re: [caops-wg] Re: ca signing policy file
David Chadwick
d.w.chadwick at kent.ac.uk
Wed Oct 12 08:35:56 CDT 2005
Von Welch wrote:
>
> My take is also that it wouldn't be prudent, even with these advances
> in NameConstraints adoption, to assume they remove the need for RP-
> specified policies such as this document describes. That would
> require adoption by CAs in general.
>
> Von
>
Agreed. Also given that the current 3280 semantics are Allow all except,
then you cant rely on the name constraints software to remove certs with
different name forms to the ones you specify (and fact you can rely on
it to accept them)
regards
David
--
*****************************************************************
David W. Chadwick, BSc PhD
Professor of Information Systems Security
The Computing Laboratory, University of Kent, Canterbury, CT2 7NF
Tel: +44 1227 82 3221
Fax +44 1227 762 811
Mobile: +44 77 96 44 7184
Email: D.W.Chadwick at kent.ac.uk
Home Page: http://www.cs.kent.ac.uk/people/staff/dwc8/index.html
Research Web site: http://sec.cs.kent.ac.uk
Entrust key validation string: MLJ9-DU5T-HV8J
PGP Key ID is 0xBC238DE5
*****************************************************************
More information about the caops-wg
mailing list