Nick Lamb <n...@tlrmx.org> writes: >You won't get such a certificate from a public CA (presumably meaning a CA >issuing in the Web PKI).
Well, you're less likely to now thanks to CT. Before that public CAs issued huge numbers of them, including EV certs. >They're subject to the CA/B Baseline Requirements which explicitly forbid >this (in 7.1.4.2.1): In practice the BR is more what you'd call "guidelines" than actual rules... Peter. _______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls