The 5280, 3280, and 2459 profiles are utterly broken and useless. They conflate privilege
management with identity management (extendedKeyUsage for the lose), and they
have violated ASN.1 and OID management constraints by changing the semantics of an already-defined
OID between 2459 and 3280.
RFC 5280 is just what it says it is:
Internet X.509 Public Key Infrastructure Certificate and Certificate
Revocation List (CRL) Profile
tailored for the Internet (Section 3.1). No one said that it's
anything more. Don't use it if you don't like it, but it's worth
knowing about.
Erwann
Today, the 6th day before the Ides of August 2010, David Shambroom wrote:
> RFC 5280 is just what it says it is:
> Internet X.509 Public Key Infrastructure Certificate and
> Certificate Revocation List (CRL) Profile

Exactly. And Kyle was explaining where to find the X.509
specification.

> tailored for the Internet
Today, the 7th day before the Ides of August 2010, David Shambroom wrote:
> See:
> http://www.ietf.org/rfc/rfc5280.txt

RFC5280 is only a profile for X.509 certificates and CRLs, just as were
RFC3280 and RFC2459 before it. Hopefully, RFC5280 is of better quality
than its predecessors, but doesn't replace the standard at