[cabfpub] Misissuance of certificates

[Gervase Markham]

On 18/01/16 11:58, Sigbjørn Vik wrote:
> No. The current understanding of the scope is all certificates chaining
> to a root embedded in public browsers. A CA can choose itself which
> roots are in scope, but not individual certificates.

Technically constraining it _does_ change some things. But if I remember
correctly, those relate to other root program requirements, rather than
to the BRs.

Gerv