Florian Weimer wrote: > * Michael Ströder: > >> Florian Weimer wrote: >>> What about requiring that all certificates must be published by the CA >>> (including sub-CAs)? >> No, this might lead to also revealing internal DNS names never meant to >> be public. > > Huh? Typical CA policies
Whatever a "typical CA policy" is. Note that the requirement mentioned by you above explicitly includes corporate sub-CAs which may issue server certs for servers not publicly accessible over Internet. > explicitly state that subscriber certificates are not confidential, > and are not treated as such by the CA Keeping certs really confidential and publishing certs in a public searchable database is something different. > (so that they can be used by marketing, for instance). This is a different topic. Ciao, Michael. -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto