|
|
|
|
|
|
by lmz
490 days ago
|
|
|
Name Constraints has been around at least since 1999 (RFC 2459). I'm not sure why CAA is brought up here. I guess it is somewhat complementary in "reducing" the power of CAs, but it defends against good CAs misissuing stuff, not limiting the power of arbitrary CAs (as it's checked at issuance time, not at time of use). |
|
|