On Fri, Mar 09, 2018 at 07:35:09PM -0500, Sean Turner wrote:
> > On 03/09/2018 03:35 PM, Eric Rescorla wrote:
> >> 
> >> The current text neither allows nor prohibits the same OID
> >> appearing twice. We should do one or the other.
> Okay so the OIDs can’t appear twice in the certificate, because
> certificate extensions are only supposed to appear once so why
> don’t we just follow suit and require no dupes?

Duplicate OIDs do not look to be useful either:

- All of currently defined filters have "all of" behavior.
- Duplicate filters would presumably intersect.
- Thus, one can rewrite a filter that has duplicate OIDs with just
  each OID once.


TLS mailing list

Reply via email to