[cabfpub] Name Constraints, Auditing and EKU

Rob Stradling rob.stradling at comodo.com
Tue Apr 23 13:46:03 MST 2013


On 23/04/13 21:01, Carl Wallace wrote:
> On 4/23/13 3:58 PM, "Rob Stradling" <rob.stradling at comodo.com> wrote:
>
>>
>> Agreed.  That's why I tried (unsuccessfully) to persuade Mozilla to
>> require the use of the Netscape Cert Type extension instead of "EKU
>> constraints" (this was last year when the "technically constrained"
>> language in the current version of the Mozilla CA Policy was being put
>> together).
>
> Is there a specification that defines how "EKU constraints" work?

I'm not aware of any single definitive spec, but here are a few useful 
links...

Section 9 of 
http://www.mozilla.org/projects/security/certs/policy/InclusionPolicy.html

http://technet.microsoft.com/en-us/library/cc731792(v=ws.10).aspx

http://unmitigatedrisk.com/?p=57

-- 
Rob Stradling
Senior Research & Development Scientist
COMODO - Creating Trust Online

