I think we're saying the same thing. Lack of universally accepted policies (er, policy OIDs) is holding policy extensions back. Even if NSS implemented policy extensions today, lack of policy definition would make it pretty useless, IMO.
Chicken and egg. But really, it needs to be implemented first, and then it will be possible to do a small-scale experiment to find what kind of OIDs to use and what to represent with those OIDs.
One can use arbitrary OIDs there, and even map them later to normalized values via policy mapping, but if not enough is implemented, it's not possible to experiment.
A problem is that if it ever begins to develop, it will probably end up somewhat stepping on the extended key usage extension; I don't believe the two uses are fully orthogonal.
_______________________________________________
mozilla-crypto mailing list
http://mail.mozilla.org/listinfo/mozilla-crypto
