On Thu, Aug 17, 2017 at 03:29:56PM +0000, Erwann Abalea via openssl-users wrote:
> The BR are for public CAs, not private CAs; even if some of those 
> requirements are considered « good practice » (the 64 bits out of a CSPRNG is 
> such a req), they cannot be forced on private CAs.
> And unless some or all of the browsers also apply these requirements to 
> private CAs, you’re not forced to follow them all.

How does one mechanically distinguish public vs. private CAs?

-- 
Mark H. Wood
Lead Technology Analyst

University Library
Indiana University - Purdue University Indianapolis
755 W. Michigan Street
Indianapolis, IN 46202
317-274-0749
www.ulib.iupui.edu

Attachment: signature.asc
Description: PGP signature

-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Reply via email to