Hacker News
new
|
past
|
comments
|
ask
|
show
|
jobs
|
submit
login
merb
on March 23, 2021
|
parent
|
context
|
favorite
| on:
Chrome’s address bar will use https:// by default
3. use cross signing with name constraints to not have this problem
https://tools.ietf.org/html/rfc5280#section-4.2.1.10
Sebb767
on March 24, 2021
|
next
[–]
4. Find out that name constraints are either not supported or ignore by basically all major libraries.
fomine3
on March 24, 2021
|
prev
[–]
Issuing CA cert with Name Constraints is good, but end user should recognize the certificate is constrained to their domains or not.
midasuni
on March 24, 2021
|
parent
[–]
The end user should be able to choose the domains the root is valid for - regardless of x509 name constraints.
Consider applying for YC's Summer 2025 batch! Applications are open till May 13
Guidelines
|
FAQ
|
Lists
|
API
|
Security
|
Legal
|
Apply to YC
|
Contact
Search:
https://tools.ietf.org/html/rfc5280#section-4.2.1.10