Mike Mike Helm wrote:
David Chadwick writes:
Now if you are telling me that most commercial CAs do not support name constraints, that would be a powerful argument to support reverting name constraints back to their original semantics.
As interesting as the name constraints tangent is, did it actually address your question?
I assumed when you said "commercial CA" you meant something like Verisign or Global sign &c.
But you could have meant a PKI environment like Entrust or Windows....
Actually I was interested in both David
-- ***************************************************************** David W. Chadwick, BSc PhD Professor of Information Systems Security The Computing Laboratory, University of Kent, Canterbury, CT2 7NF Tel: +44 1227 82 3221 Fax +44 1227 762 811 Mobile: +44 77 96 44 7184 Email: D.W.Chadwick@kent.ac.uk Home Page: http://www.cs.kent.ac.uk/people/staff/dwc8/index.html Research Web site: http://sec.cs.kent.ac.uk Entrust key validation string: MLJ9-DU5T-HV8J PGP Key ID is 0xBC238DE5 *****************************************************************