[cabfpub] Urgent: BR Exceptions for Subordinate CA Certificates
Ryan Hurst
ryan.hurst at globalsign.com
Thu Oct 31 23:14:24 UTC 2013
In RFC5280 name constraints applied via DirectoryName are not limited to
restrictions to the RDN DC.
Ryan
*From:* public-bounces at cabforum.org [mailto:public-bounces at cabforum.org] *On
Behalf Of *Eddy Nigg (StartCom Ltd.)
*Sent:* Thursday, October 31, 2013 4:11 PM
*To:* Kathleen Wilson
*Cc:* CABFPub
*Subject:* Re: [cabfpub] Urgent: BR Exceptions for Subordinate CA
Certificates
On 10/31/2013 09:35 PM, From Kathleen Wilson:
* To name constrain the intermediate certificate according to BR 9.7,
the certificate will need to contain a constraint permitting a directory
name of "o=admin,c=CH", in order to support the existing certificates.
BTW, these are not a directory constraints, but an organization and common
name fields. Directory constraints are DC fields:
DC=COM, DC=MOZILLA, DC=LDAP
Regards
Signer:
Eddy Nigg, COO/CTO
StartCom Ltd. <http://www.startcom.org>
XMPP:
startcom at startcom.org <xmpp:startcom at startcom.org>
Blog:
Join the Revolution! <http://blog.startcom.org>
Twitter:
Follow Me <http://twitter.com/eddy_nigg>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/public/attachments/20131031/a1266008/attachment-0003.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4252 bytes
Desc: not available
URL: <http://lists.cabforum.org/pipermail/public/attachments/20131031/a1266008/attachment-0001.p7s>
More information about the Public
mailing list