The 5280, 3280, and 2459 profiles are utterly broken and useless. They conflate privilege
management with identity management (extendedKeyUsage for the lose), and they
have violated ASN.1 and OID management constraints by changing the semantics of an already-defined
OID between 2459 and 3280.
RFC 5280 is just what it says it is:
Internet X.509 Public Key Infrastructure Certificate and Certificate
Revocation List (CRL) Profile
tailored for the Internet (Section 3.1) No one said that it's
anything more. Don't use it if you don't like it, but it's worth
knowing about.
Erwann
Hodie VI Id. Aug. MMX, David Shambroom scripsit:
RFC 5280 is just what it says it is:
Internet X.509 Public Key Infrastructure Certificate and
Certificate Revocation List (CRL) Profile
Exactly. And Kyle was explaining where to find the X.509
specification.
tailored for the Internet
See:
http://www.ietf.org/rfc/rfc5280.txt
Kyle Hamilton wrote:
I was asked this morning where to find the X.509 specification, since
http://itu.int/ is such a messy website.
I'll point you to the general location, because it's a better piece of
information to have than the exact location.
Hodie VII Id. Aug. MMX, David Shambroom scripsit:
See:
http://www.ietf.org/rfc/rfc5280.txt
RFC5280 is only a profile for X.509 certificates and CRLs, just were
RFC3280 and RFC2459 before it. Hopefully, RFC5280 is of better quality
than its predecessors, but doesn't replace the standard at
I was asked this morning where to find the X.509 specification, since
http://itu.int/ is such a messy website.
I'll point you to the general location, because it's a better piece of information to
have than the exact location. (There are other recommendations that X.509 refers to, and
being