[cabfpub] CT Precertificates and the BRs

Ben Laurie benl at google.com
Tue Jan 14 06:49:25 MST 2014


On 14 January 2014 10:04, Gervase Markham <gerv at mozilla.org> wrote:
> On 14/01/14 04:41, Rick Andrews wrote:
>> Ben, the poison extension only ensures it can't be used in SSL with
>> modern browsers. We recently had to use the poison extension to
>> create a BR-incompatible SSL cert for a non-browser app.
>
> Surely if the non-browser app in question understands what the "poison
> extension" means, then it's not a poison extension any more, it's just a
> critical extension that one app understands :-)

Exactly, and no app should understand the CT poison extension.


More information about the Public mailing list