On Tue, Apr 9, 2019 at 10:39 AM Lijun Liao <lijun.l...@gmail.com> wrote:
> Just to make it clear: The extension KeyUsage is optional in subscriber's
> certificate. But what happens if it is present and is NOT critical?
>

RFC 5280 says SHOULD, not MUST. RFC 2119 defines SHOULD as:

   3. SHOULD   This word, or the adjective "RECOMMENDED", mean that there
      may exist valid reasons in particular circumstances to ignore a
      particular item, but the full implications must be understood and
      carefully weighed before choosing a different course

I think, in such an event, a CA may be reasonably asked to provide details
about what the valid reasons of the particular circumstances were to deviate
from that SHOULD, and how the full implications were understood and weighed.