[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: HTTPS everywhere!

* Simon McVittie <smcv@debian.org>, 2014-06-17, 13:20:
It should be possible to make a CA certificate that is only considered to be valid for the spi-inc.org and debian.org subtrees, and then trust the assertion that SPI control that certificate - but in widely-used applications, that isn't possible.

In theory, the Name Constraints extension should allow one to achieve what you said:
No idea how well it is supported, though.

Jakub Wilk

Reply to: