Google: Maintaining digital certificate security
Google: Maintaining digital certificate security
Posted Mar 28, 2015 7:13 UTC (Sat) by ptman (subscriber, #57271)Parent article: Google: Maintaining digital certificate security
Recent browsers seem to support X.509 nameConstraints quite well. Why not actually make use of them? Only give companies CAs that can be used to sign certificates for the company's domains.
Posted Apr 1, 2015 11:26 UTC (Wed)
by robbe (guest, #16131)
[Link]
A write-up of your findings would be hightly appreciated.
nameConstraints
Do you have details? The last time I tried this about 6 months ago, this was severely underdocumented and I could not find a setting that worked, even if limiting browser diversity to popular versions of Internet Explorer and Firefox.