On Sun, May 15, 2016 at 5:19 PM, Jesse Wilson <[email protected]> wrote: > Thanks Brian! I’m happy to hear that this is an implementation bug (that I > can petition to get fixed), rather than spec bug (that we all have to > workaround).
It depends on the issuing policies. The IETF has no way to specify that a certificate was created or issued under PKIX, so its a moot point. (It creates a vaccum like the EV mess, except for standard certificates rather than EV certificates). Jeff _______________________________________________ websec mailing list [email protected] https://www.ietf.org/mailman/listinfo/websec
