Content deleted Content added
m Removing unnecessary comment from previous edit |
m CHECKWIKI error #61 fix and general fixes, References after punctuation per WP:CITEFOOT and WP:PAIC using AWB (8459) |
||
Line 17:
* Name constraints are checked, to make sure the subject name is within the permitted subtrees list of all previous CA certificates and not within the excluded subtrees list of any previous CA certificate;
* The asserted [[Certificate Policy]] [[Object identifier|OIDs]] are checked against the permissible OIDs as of the previous certificate, including any policy mapping equivalencies asserted by the previous certificate;
* Policy constraints and basic constraints are checked, to ensure that any explicit policy requirements are not violated and that the certificate is a CA certificate, respectively. This step is crucial in preventing some man in the middle attacks
* The path length is checked to ensure that it does not exceed any maximum path length asserted in this or a previous certificate;
* The key usage extension is checked to ensure that is allowed to sign certificates; and
Line 29:
== Implementations ==
* [http://www.carillon.ca/tools/pathfinder.php Pathfinder] is an open-source implementation of the algorithm in RFC 3280.
Line 35 ⟶ 34:
* [[Delegated Path Discovery]]
* [[Delegated Path Validation]]
{{crypto-stub}}▼
[[Category:Cryptographic protocols]]
▲{{crypto-stub}}
| |||