[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: What makes a certificate invalid?
From: |
Daniel Kahn Gillmor |
Subject: |
Re: What makes a certificate invalid? |
Date: |
Fri, 11 Dec 2009 11:23:03 -0500 |
User-agent: |
Mozilla-Thunderbird 2.0.0.22 (X11/20091109) |
On 12/10/2009 07:49 PM, Daniel Kahn Gillmor wrote:
> I'm sure someone else can come up with possible ways i've missed that a
> certificate could be invalid ;)
i thought of another way this morning:
10) if the certificate contains an X.509v3 extension that is marked
"critical" that it does not know how to process, it MUST reject the
certificate:
http://tools.ietf.org/html/rfc5280#section-4.2.1.10
hth,
--dkg
signature.asc
Description: OpenPGP digital signature
Re: What makes a certificate invalid?, Rupert Kittinger-Sereinig, 2009/12/11