#pkijs now supports Name Constraints #webcryptohttps://github.com/GlobalSign/PKI.js/commit/4d00c0e007be9e844ca6daa60d39e4df2895228b …
@rmhrisk stringPrep seems overcomplicated. Why not just require exact match for permittedSubtrees and reject excludedSubtrees completely?
-
-
@BRIAN_____ feedback appreciated //cc@YuryStrozhevskyThanks. Twitter will use this to make your timeline better. UndoUndo
-
-
-
@BRIAN_____@rmhrisk The code passed all name const tests from NIST PKITS 2011. Please mail me yury@strozhevsky.com I will answer detailed. -
@YuryStrozhevsky@rmhrisk No, I mean that the spec mandating stringprep during validation is silly. Is stringprep necessary in practice? -
@BRIAN_____@YuryStrozhevsky I don't love c14n prior to compare but to pass PKITS it's required. Not sure what if anything breaks without. -
@rmhrisk@YuryStrozhevsky I wrote down my thoughts about issuer/subject name matching here: https://bugzilla.mozilla.org/show_bug.cgi?id=1008133#c7 …. Similar for NCs.
End of conversation
New conversation -
-
-
@BRIAN_____@rmhrisk BTW in my code stringPrep takes 3 lines of code (for the moment). And the code passed NIST PKITS 2011 :) -
@BRIAN_____@rmhrisk BTW NIST must add tests with international chars in PKITS, for sure.
End of conversation
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.