>
> in X509 and RFC3280 "Critical" means that if you don't know how to handle an
> entension, you can ignore it. if you know how to handle it, you treat it
X
> independantly of critical or not.
I was mildly shaked to wake up :
Obviously, I missed the half sentence at 'X': "if critical is not set".
Or:
- You know and extension ==> treat it
- else, (you don't know it) and critical is NOT set, ignore it
- else fail.
In a previous version of X509 and of PKIX you had
- If you don't know an extension and critical is not set, ignore
- else if you don't know and crticila is set, fail;
- else (you know) and critical ==> treatment A
- else you know and non critical ==> treatmant B.
----- End Included Message -----
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
