Matt McCutchen wrote:
A name-constrained intermediate certificate could be quite convenient for the large organizations that are presently demanding their users to trust private CAs for the whole Web (see bug 501697).
Ah ! The direction of restricting people who currently use sub-CA for their purpose to make it more secure will certainly be much more successful than presenting it as allowing many more people to have their own sub-CA.
-- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto