On Thu, Apr 24, 2014 at 9:07 PM, Kathleen Wilson <kwil...@mozilla.com> wrote: > Also, we added a section to the wiki page to list some behavior changes that > could cause a website certificate to no longer validate with Firefox 31. > https://wiki.mozilla.org/SecurityEngineering/mozpkix-testing#Behavior_Changes
What is the rationale for this: 4. Mozilla::pkix performs chaining based on issuer name alone, and does not require that issuer's subject key match the authority key info (AKI) extension in the certificate. Classic verification enforces the AKI restriction. ? -- Martin +372 515 6495 -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto