Set EKU extension on CA certs #5

Open
JeremyRand opened this issue Dec 30, 2020 · 0 comments
@JeremyRand
Member

Although the RFC does not define the behavior of EKU on CA certs, a lot of implementations will use it as a constraint on the EKU of end-entity certs transitively issued by that CA. Thus, any safetlsa CA that's exclusively used for positive overrides can set EKU to ExtKeyUsageServerAuth and gain some extra security.
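
The constraint described above, shown with Go's `crypto/x509`, which is one implementation that applies a CA's EKU to every certificate below it in the chain. This is an added example, not part of the original issue or of safetlsa's code; the helpers `check`, `issue` and `LeafAccepted` and the certificate names are constructed for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

func check(err error) {
	if err != nil {
		panic(err)
	}
}

// issue signs a constructed test certificate; a nil parent yields a self-signed CA.
func issue(cn string, eku []x509.ExtKeyUsage, parent *x509.Certificate, pk ed25519.PrivateKey) (*x509.Certificate, ed25519.PrivateKey) {
	pub, key, err := ed25519.GenerateKey(rand.Reader)
	check(err)
	t := &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour), ExtKeyUsage: eku}
	if parent == nil {
		t.IsCA, t.BasicConstraintsValid, t.KeyUsage = true, true, x509.KeyUsageCertSign
		parent, pk = t, key
	}
	der, err := x509.CreateCertificate(rand.Reader, t, parent, pub, pk)
	check(err)
	cert, err := x509.ParseCertificate(der)
	check(err)
	return cert, key
}

// LeafAccepted: does Go accept a leaf with leafEKU under a CA whose EKU list is caEKU (nil = no EKU)?
func LeafAccepted(caEKU []x509.ExtKeyUsage, leafEKU x509.ExtKeyUsage) bool {
	ca, caKey := issue("constructed CA", caEKU, nil, nil)
	leaf, _ := issue("constructed leaf", []x509.ExtKeyUsage{leafEKU}, ca, caKey)
	roots := x509.NewCertPool()
	roots.AddCert(ca)
	_, err := leaf.Verify(x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{leafEKU}})
	return err == nil
}

func main() {
	for _, ca := range [][]x509.ExtKeyUsage{nil, {x509.ExtKeyUsageServerAuth}} {
		fmt.Println("CA has serverAuth EKU:", len(ca) > 0, "| clientAuth leaf accepted:", LeafAccepted(ca, x509.ExtKeyUsageClientAuth))
	}
}
```

A CA with no EKU extension is treated as unrestricted, so only the serverAuth-limited CA causes the clientAuth leaf to be rejected.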

JeremyRand added a commit to JeremyRand/safetlsa that referenced this issue Feb 17, 2021
@JeremyRand JeremyRand mentioned this issue Feb 17, 2021
JeremyRand added a commit that referenced this issue Feb 17, 2021
24813e7 Set EKU on TLD CA (Jeremy Rand)
ad9434a Set EKU on Domain CA (Jeremy Rand)
b7fa7cf Support AIA (Jeremy Rand)

Pull request description:

  Refs #3
  Refs #5

Top commit has no ACKs.

Tree-SHA512: adf9da8e0c39e4e43cd98edfdd9a68af155f36b29e67b150f17f14c45426b0ea7322d353e4c4c32f5ace1df6531b1d4e3b4fd3b3dc3cafdeb11600c9aba7a173