PolicyMappings extensions marked CRITICAL

Subject: PolicyMappings extensions marked CRITICAL
From: "Dan Proietti" <dproietti@corestreet.com>
Date: Mon, 4 Oct 2004 16:42:05 -0400
Content-class: urn:content-classes:message
Content-Transfer-Encoding: 8bit
Content-Type: text/plain; charset="us-ascii"
thread-index: AcSqUlk6MQ0W7z/iTWuRpl/Pge1VQw==
Thread-Topic: PolicyMappings extensions marked CRITICAL


A number (if not all) of the certificates in the test suite that include
a PolicyMappings extension also mark it CRITICAL.  This seems to be a
violation of the specification, according to RFC 3280 Section 4.2.1.6
which states:

   This extension MAY be supported by CAs and/or applications, and it
   MUST be non-critical.

I'm concerned that this could cause otherwise conforming path validation
routines to fail the suite because the criticality indicator is not
expected to be set and no semantics are defined for it, in either 3280
or the PKITS documentation.


Dan Proietti

Follow-Ups:
- Re: PolicyMappings extensions marked CRITICAL
  - From: "David A. Cooper" <david.cooper@nist.gov>

Prev by Date: Minor Updates to PKITS test suite and data
Next by Date: Re: PolicyMappings extensions marked CRITICAL
Prev by thread: PKITS LDAP server is temporarily down
Next by thread: Re: PolicyMappings extensions marked CRITICAL

Date Index | Thread Index | Problems or questions? Contact list-master@nist.gov