[prev in list] [next in list] [prev in thread] [next in thread]
List: openssl-users
Subject: Re: [openssl-users] More on cert serialnumbers
From: Erwann Abalea via openssl-users <openssl-users () openssl ! org>
Date: 2017-08-18 13:56:55
Message-ID: 64663858-011F-4A13-87ED-106EF75B4A7A () docusign ! com
[Download RAW message or body]
> Le 18 août 2017 à 15:18, Mark H. Wood <mwood@IUPUI.Edu> a écrit :
>
> On Thu, Aug 17, 2017 at 03:29:56PM +0000, Erwann Abalea via openssl-users wrote:
> > The BR are for public CAs, not private CAs; even if some of those requirements \
> > are considered « good practice » (the 64 bits out of a CSPRNG is such a req), \
> > they cannot be forced on private CAs. And unless some or all of the browsers also \
> > apply these requirements to private CAs, you're not forced to follow them all.
>
> How does one mechanically distinguish public vs. private CAs?
OS/Browser-granted or user-granted. Each browser does it differently.
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic