On 17/11/16 12:42, Rob Stradling wrote: > Gerv, why must the EKU extension be critical?
Are you saying that making it critical causes problems? > I don't remember ever seeing an intermediate cert with a critical EKU > extension. It would be unfortunate if your "further restrictions" lead > to CAs reissuing their SHA-1 intermediates! I don't see much risk in a CA reissuing a SHA-1 intermediate /per se/, because I am assuming that CAs are not trying to engineer collisions. Gerv _______________________________________________ Public mailing list [email protected] https://cabforum.org/mailman/listinfo/public
