On Thu, Aug 17, 2017 at 03:29:56PM +0000, Erwann Abalea via openssl-users wrote: > The BR are for public CAs, not private CAs; even if some of those > requirements are considered « good practice » (the 64 bits out of a CSPRNG is > such a req), they cannot be forced on private CAs. > And unless some or all of the browsers also apply these requirements to > private CAs, you’re not forced to follow them all.
How does one mechanically distinguish public vs. private CAs? -- Mark H. Wood Lead Technology Analyst University Library Indiana University - Purdue University Indianapolis 755 W. Michigan Street Indianapolis, IN 46202 317-274-0749 www.ulib.iupui.edu
signature.asc
Description: PGP signature
-- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users