[Servercert-wg] Removing the exception to allow non-critical name constraints

Wayne Thayer wthayer at mozilla.com
Thu Oct 17 08:53:38 MST 2019

On Thu, Oct 17, 2019 at 7:58 AM Paul Hoffman via Servercert-wg <
servercert-wg at cabforum.org> wrote:

> De-cloaking for just a moment...
> It feels like some folks here feel that maybe we are moving too fast
> because name constraints being marked critical happened "recently", in RFC
> 5280 from just 11 years ago. Old-timers will remember that it was also
> marked that way in RFC 3280 from 2002.
My concern isn't about when the requirement was created, but when it was
implemented, and the number of devices in use that are still running
non-compliant software.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cabforum.org/pipermail/servercert-wg/attachments/20191017/2e618277/attachment.html>

More information about the Servercert-wg mailing list