[cabf_validation] RFC 5280 conflict for SKI in subscriber certificates
Hubert Chao
hchao at google.com
Thu Dec 1 14:59:01 UTC 2022
On Thu, Dec 1, 2022 at 5:21 AM Lahtiharju, Pekka via Validation <
validation at cabforum.org> wrote:
> I support Paul’s idea to change this to SHOULD. Why should we create new
> recommendations against RFC when this extension is useful in several use
> cases and almost everybody is using it now.
>
Could you list out the use cases where this extension is useful for a TLS
certificate? The discussion that Corey linked to (
https://lists.cabforum.org/pipermail/validation/2021-July/001672.html)
specifically says "... a TLS certificate [SKI] should not be needed ... ".
/hubert
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/validation/attachments/20221201/00530707/attachment.html>
More information about the Validation
mailing list