> Le 18 août 2017 à 15:18, Mark H. Wood <mwood@xxxxxxxxx> a écrit : > > On Thu, Aug 17, 2017 at 03:29:56PM +0000, Erwann Abalea via openssl-users wrote: >> The BR are for public CAs, not private CAs; even if some of those requirements are considered « good practice » (the 64 bits out of a CSPRNG is such a req), they cannot be forced on private CAs. >> And unless some or all of the browsers also apply these requirements to private CAs, you’re not forced to follow them all. > > How does one mechanically distinguish public vs. private CAs? OS/Browser-granted or user-granted. Each browser does it differently. -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
