Issuing CA cert with Name Constraints is good, but end user should recognize the... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		fomine3 on March 24, 2021 \| parent \| context \| favorite \| on: Chrome’s address bar will use https:// by default Issuing CA cert with Name Constraints is good, but end user should recognize the certificate is constrained to their domains or not.

midasuni on March 24, 2021 [–]

The end user should be able to choose the domains the root is valid for - regardless of x509 name constraints.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact