That post is almost 7 years old. My second link is to the test suite mentioned a... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		infogulch on Sept 17, 2023 \| parent \| context \| favorite \| on: Running one’s own root Certificate Authority in 20... That post is almost 7 years old. My second link is to the test suite mentioned at the end, which if you look at it you'll see that name constraints are now universally supported. I don't think this take is valid anymore.

yonran on Sept 17, 2023 [–]

And for old devices, letsencrypt should force nameConstraints to be a critical extension so that old devices will just fail to accept it so that it won't be used “rogue”ly.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact