[cabfpub] Misissuance of certificates

Gervase Markham gerv at mozilla.org
Mon Jan 18 17:00:52 UTC 2016

On 18/01/16 11:58, Sigbjørn Vik wrote:
> No. The current understanding of the scope is all certificates chaining
> to a root embedded in public browsers. A CA can choose itself which
> roots are in scope, but not individual certificates.

Technically constraining it _does_ change some things. But if I remember
correctly, those relate to other root program requirements, rather than
to the BRs.


More information about the Public mailing list