Bob Jueneman wrote: > Then, once it becomes obvious that a single bit is not sufficient > to represent all of the different and useful notions that are at > least close to NR, we can them make progress in defining those > addition bits or states. Mr. Jueneman, list: This might well constitute sticking my neck out too far, but since the certificatePolicies extension has room for more than one PolicyInformation SEQUENCE, could not the PKIX working group try working out a set of the most common conceptions of the usage of the NR bit and define CertPolicyId's for them that conformant CAs could add to their own? The combination of NR-specific policyIdentifier and presence/absence of NR-bit should hopefully be sufficient to represent at least the different notions present in the PKIX working group. Just a thought. //oscar
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature