Ben,
...
It might be worth emphasizing that the principal reason cited for
not marking the extension critical, as per X.509
and RFC 5280, was a single vendor's unwillingness to fix a bug in
their browser. The CABF members, being browser vendors
as well as third-party CAs, were the perfect venue in which to elect
to give precedence to a vendor's intransigence.
Even if that vendor had been willing to fix the bug, you'd still need
name constraints to be non-critical, or they'd break every outdated
browser. Which would mean they could not be used for many years. So
clearly they had to be non-critical, as will future extensions have to
be, I'm sure.
So, I don't think the emphasis is worth it.
So, are you saying that other browsers also are not compliant with 5280
in this respect, or is this more
of a rhetorical distinction?
Steve