[cabfpub] CT Precertificates and the BRs

Rick Andrews Rick_Andrews at symantec.com
Tue Jan 14 04:41:20 UTC 2014

Ben, the poison extension only ensures it can't be used in SSL with modern browsers. We recently had to use the poison extension to create a BR-incompatible SSL cert for a non-browser app. 


> On Jan 8, 2014, at 6:11 AM, "Ben Laurie" <benl at google.com> wrote:
> No, the precert:
> a) also has a poison extension (i.e. a critical extension no-one knows
> how to interpret)
> b) is optionally issued by a CT-only intermediate
> a ensures it can't be used in SSL.

More information about the Public mailing list