Ralf Hornik Mailings wrote:
> Hi,
>
>> Dmitrij Mironov wrote:
[...]
> It MUST appear but it SHOULD be marked as critical
The SHOULD is practically equivalent to a MUST, the only difference
is that is case of "technical" issues the SHOULD allows for the feature
to not be implemented.
>> As I understand from this - CA (in most cases) must have key usage
[...]
> I wouldn't mark any extension as critical unless the certificate and crl
[...]
> will fail.
This is true. Indeed this is why many CAs do not mark extensions as
critical... but at some point we should follow the new RFC... hopefully
the new 3280bis will be ready soon...
... maybe we could add some profiles explicitly marked as "RFC-3280"
compliant... but I do not know, from a usability point of view if the
differences will be understandable by users and ca managers...
--- Max
-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT & business topics through brief surveys -- and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
_______________________________________________
Openca-Users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openca-users
