[Servercert-wg] Removing the exception to allow non-critical name constraints
Wayne Thayer
wthayer at mozilla.com
Thu Oct 17 08:53:38 MST 2019
On Thu, Oct 17, 2019 at 7:58 AM Paul Hoffman via Servercert-wg <
servercert-wg at cabforum.org> wrote:
> De-cloaking for just a moment...
>
> It feels like some folks here feel that maybe we are moving too fast
> because name constraints being marked critical happened "recently", in RFC
> 5280 from just 11 years ago. Old-timers will remember that it was also
> marked that way in RFC 3280 from 2002.
>
>
My concern isn't about when the requirement was created, but when it was
implemented, and the number of devices in use that are still running
non-compliant software.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cabforum.org/pipermail/servercert-wg/attachments/20191017/2e618277/attachment.html>
More information about the Servercert-wg
mailing list