[openssl-users] More on cert serialnumbers
Mark H. Wood
mwood at iupui.edu
Fri Aug 18 13:18:55 UTC 2017
On Thu, Aug 17, 2017 at 03:29:56PM +0000, Erwann Abalea via openssl-users wrote:
> The BR are for public CAs, not private CAs; even if some of those requirements are considered « good practice » (the 64 bits out of a CSPRNG is such a req), they cannot be forced on private CAs.
> And unless some or all of the browsers also apply these requirements to private CAs, you’re not forced to follow them all.
How does one mechanically distinguish public vs. private CAs?
--
Mark H. Wood
Lead Technology Analyst
University Library
Indiana University - Purdue University Indianapolis
755 W. Michigan Street
Indianapolis, IN 46202
317-274-0749
www.ulib.iupui.edu
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 195 bytes
Desc: not available
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20170818/fdef7b54/attachment.sig>
More information about the openssl-users
mailing list