On Thu, Sep 19, 2013 at 4:15 PM, Ben Laurie <b...@links.org> wrote: > > > > On 18 September 2013 21:47, Viktor Dukhovni <cryptogra...@dukhovni.org>wrote: > >> On Wed, Sep 18, 2013 at 08:04:04PM +0100, Ben Laurie wrote: >> >> > > This is only realistic with DANE TLSA (certificate usage 2 or 3), >> > > and thus will start to be realistic for SMTP next year (provided >> > > DNSSEC gets off the ground) with the release of Postfix 2.11, and >> > > with luck also a DANE-capable Exim release. >> > >> > What's wrong with name-constrained intermediates? >> >> X.509 name constraints (critical extensions in general) typically >> don't work. >> > > No. They typically work. As usual, Apple are the fly in the ointment. >
The key to make them work is to NOT follow the IETF standard and to NOT mark the extension critical. If the extension is marked critical as RFC 5280 demands then the certificates will break in Safari (and very old versions of some other top tier browsers). If the extension is not marked critical as CABForum and Mozilla recommend then nothing breaks and the certificate chain will be correctly processed by every current edition of every top tier browser apart from Safari. The peculiar insistence that the extension be marked critical despite the obvious fact that it breaks stuff is one of the areas where I suspect NSA interference. -- Website: http://hallambaker.com/
_______________________________________________ The cryptography mailing list cryptography@metzdowd.com http://www.metzdowd.com/mailman/listinfo/cryptography
