
Re: [caops-wg] Re: ca signing policy file



David Chadwick writes:
> > AIA extensions that jump around missing links in the trust chain
> It's actually worse than that. Microsoft will actually trust and validate 
> certificates that have names that do not conform to the name constraints 
> > Somewhere I have read a justification / method for
> > this but have lost track.
> 
> I am still to find a justification for this :-)

I thought I had read something to the effect of it being used to
help set up the path discovery, not suborn name constraints,
but I admit I cannot find the reference.  Maybe it's in MSDN
somewhere.