At Tue, 19 Jul 2016 08:43:00 -0400, Russ Housley wrote:
>
> Does this apply to the Certificate Policy OID too? If memory is
> correct, the current CP has a normative pointer to RFC 3779.

Good catch. Not sure a policy OID change is necessary, although might be simplest. If there's a reference, we either need to change the OID or change the definition of what the OID means.

IIRC, the OpenSSL library code doesn't do anything RFC-3779-specific for the policy OID, it just follows the usual rules; it's the RP code built on top of the library that demands that particular policy OID. So at least in the OpenSSL case, changing the policy OID may not have any noticeable effect on correctness of software behavior.
