On Sun, Sep 25, 2016 at 2:35 PM, Henrick Hellström <[email protected]> wrote:
> Then again, the ASN.1 module in https://datatracker.ietf.org/doc/rfc5280/
> says differently. Strictly speaking, RFC 3279 does not override the PKIX
> specification when it comes to X.509 certificates; only for formats such as
> RSA PUBLIC KEY that rely solely on the ASN.1 module in RFC 3279.

To answer your original question then, this is intentional. While there are certainly differences of opinion about the applicability of Postel's law in this space, in practical terms requiring a NULL in this location empirically has very good compatibility and we don't like adding flexibility without good reason.

Cheers

AGL

--
Adam Langley [email protected] https://www.imperialviolet.org
_______________________________________________
TLS mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/tls
