[cabfpub] Misissuance of certificates
gerv at mozilla.org
Mon Jan 18 17:00:52 UTC 2016
On 18/01/16 11:58, Sigbjørn Vik wrote:
> No. The current understanding of the scope is all certificates chaining
> to a root embedded in public browsers. A CA can choose itself which
> roots are in scope, but not individual certificates.
Technically constraining it _does_ change some things. But if I remember
correctly, those relate to other root program requirements, rather than
to the BRs.
More information about the Public