The 5280, 3280, and 2459 profiles are utterly broken and useless. They conflate "privilege
management" with "identity management" (extendedKeyUsage for the lose), and they
have violated ASN.1 and OID management constraints by changing the semantics of an already-defined
OID between 2459 and 32
Hodie VI Id. Aug. MMX, David Shambroom scripsit:
> RFC 5280 is just what it says it is:
>
> "Internet X.509 Public Key Infrastructure Certificate and
> Certificate Revocation List (CRL) Profile"
Exactly. And Kyle was explaining where to find the X.509
specification.
> "tailored for the Internet"
RFC 5280 is just what it says it is:
"Internet X.509 Public Key Infrastructure Certificate and Certificate
Revocation List (CRL) Profile"
"tailored for the Internet" (Section 3.1) No one said that it's
anything more. Don't use it if you don't like it, but it's worth
knowing about.
Erwann
Hodie VII Id. Aug. MMX, David Shambroom scripsit:
> See:
>
> http://www.ietf.org/rfc/rfc5280.txt
RFC5280 is only a profile for X.509 certificates and CRLs, just were
RFC3280 and RFC2459 before it. Hopefully, RFC5280 is of better quality
than its predecessors, but doesn't replace the standard at a
See:
http://www.ietf.org/rfc/rfc5280.txt
Kyle Hamilton wrote:
I was asked this morning where to find the X.509 specification, since
http://itu.int/ is such a messy website.
I'll point you to the general location, because it's a better piece of
information to have than the exact location. (Th
I was asked this morning where to find the X.509 specification, since
http://itu.int/ is such a messy website.
I'll point you to the general location, because it's a better piece of information to
have than the exact location. (There are other recommendations that X.509 refers to, and
being ab