[cabfpub] CT Precertificates and the BRs
Rick_Andrews at symantec.com
Tue Jan 14 04:41:20 UTC 2014
Ben, the poison extension only ensures it can't be used in SSL with modern browsers. We recently had to use the poison extension to create a BR-incompatible SSL cert for a non-browser app.
> On Jan 8, 2014, at 6:11 AM, "Ben Laurie" <benl at google.com> wrote:
> No, the precert:
> a) also has a poison extension (i.e. a critical extension no-one knows
> how to interpret)
> b) is optionally issued by a CT-only intermediate
> a ensures it can't be used in SSL.
More information about the Public