On Apr 6, 5:54 am, Jean-Marc Desperrier <jmd...@gmail.com> wrote: > Matt McCutchen wrote: > > An extended key usage of "TLS Web Server Authentication" on the > > intermediate CA would constrain all sub-certificates, no? > > You are here talking about a proprietary Microsoft extension of the X509 > security model.
No, I'm talking about the "Extended Key Usage" extension defined in RFC 5280 section 4.2.1.12. -- Matt -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto