Re: HTTPS everywhere!
* Simon McVittie <smcv@debian.org>, 2014-06-17, 13:20:
It should be possible to make a CA certificate that is only considered
to be valid for the spi-inc.org and debian.org subtrees, and then trust
the assertion that SPI control that certificate - but in widely-used
applications, that isn't possible.
In theory, the Name Constraints extension should allow one to achieve
what you said:
http://tools.ietf.org/html/rfc5280#section-4.2.1.10
No idea how well it is supported, though.
--
Jakub Wilk
Reply to: