On Sep 22, 2010, at 9:44 AM, Paul Hoffman wrote:
At 10:21 AM -0600 9/22/10, Peter Saint-Andre wrote:
On 9/14/10 12:51 AM, Stefan Santesson wrote:
General:
I would consider stating that server certificates according to this profile
either MUST or SHOULD have the serverAuth EKU set since it
Paul Hoffman wrote:
There should at least be a rule stating that any client that accepts the CN
attribute to carry the domain name MUST also perform name constraints on
this attribute using the domain name logic if name constraints is applied to
the path. Failing this requirement poses a