Actions
Enhancement #522
closedImplement RFC6844
Start date:
2017-04-17
Due date:
% Done:
100%
Estimated time:
Patch Available:
Confirmed:
No
Branch:
Entity:
DuckCorp
Security:
Yes
Help Needed:
Description
Even if I think this is probably won't solve much of anything as it is based on "compliant CA", which means will and proper implementation from CAs which proved to do much wrong in the past.
A better way, but with some performance impact for the clients, would be to match the CA's CN with the issuer domain for example, but that's not the direction taken. Anyway let's give it a try.
Actions